Unclecheng-li

Unclecheng-li / VulnClaw

Public

基于 AI Agent + MCP 工具链 + 渗透 Skill 编排, 配合大语言模型, 自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。

ai ai-agent ai-tools ctf cybersecurity
15
1
89% credibility
Found Apr 22, 2026 at 15 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

VulnClaw is a chat-based helper that automates security scans and bug hunts on authorized test targets using everyday language.

How It Works

1
🔍 Discover VulnClaw

A cybersecurity friend shares this smart helper that turns plain talk into powerful security checks on your own test setups.

2
📦 Get it running

With one simple command, you add it to your computer like installing any helpful app.

3
🔗 Link your AI brain

Pick a thinking service and share your private passcode so it can understand your requests.

4
💬 Chat like a pro

Open the friendly chat window and describe what you want to check, like 'test my lab site for weak spots'.

5
🎯 Aim at your safe target

Name your authorized practice site, and it starts exploring ports, pages, and hidden doors on its own.

6
🔥 See bugs light up

It runs smart rounds of checks, spotting real issues like open doors or sneaky flaws, all shown clearly.

7
📄 Grab your report

At the end, it hands you a neat summary with proof steps and ready-to-run fix scripts.

🛡️ Strengthen your defenses

Now you know exactly where to patch, keeping your real systems safe and sound.

Sign up to see the full architecture

6 more

Sign Up Free

Star Growth

See how this repo grew from 15 to 15 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is VulnClaw?

VulnClaw is a Python CLI tool that automates full penetration testing workflows using an AI agent powered by the MCP protocol. You input natural language commands like "pentest 192.168.1.100", and it handles recon, vulnerability discovery, exploitation, and report generation with PoC scripts. Built on LLM tool calling with MCP services like fetch and memory, plus 20 pentest skills for web, CTF, and crypto challenges.

Why is it gaining traction?

It stands out by chaining MCP tools (11 servers, 23 tools) with specialized skills, supporting 8 LLM providers like MiniMax or DeepSeek via one-command switches. Persistent mode runs 100-round cycles with auto-reports, beating manual scripting or basic scanners. Developers dig the REPL for interactive agent mcp llm flows, similar to agent github copilot cli but for red teaming.

Who should use this?

Red team operators running authorized pentests or CTFs, security researchers testing agent mcp architecture in agent github repos, and pentesters tired of juggling nmap, Burp, and Frida manually. Ideal for those exploring agent mcp tools via tutorials or github agent hq setups.

Verdict

Try it for agent mcp protocol experiments—early alpha with 15 stars and solid docs, but 0.9% credibility score flags risks like unproven stability. Pair with your own MCP gateway for production red teaming.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.