--- name: shannon version: "1.0.0" description: "Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'." argument-hint: 'shannon http://localhost:3000 myapp, shannon --workspace=audit1 http://staging.example.com myrepo' allowed-tools: Bash, Read, Write, AskUserQuestion, WebSearch homepage: https://github.com/KeygraphHQ/shannon repository: https://github.com/KeygraphHQ/shannon author: KeygraphHQ license: AGPL-3.0 user-invocable: true metadata: openclaw: emoji: "🔐" category: "security" requires: env: - ANTHROPIC_API_KEY optionalEnv: - ANTHROPIC_AUTH_TOKEN - ANTHROPIC_BASE_URL - ANTHROPIC_MODEL - ANTHROPIC_SMALL_FAST_MODEL - CLAUDE_CODE_OAUTH_TOKEN - CLAUDE_CODE_USE_BEDROCK - CLAUDE_CODE_USE_VERTEX - AWS_REGION - AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY bins: - docker - git primaryEnv: ANTHROPIC_API_KEY files: - "scripts/*" tags: - security - pentesting - pentest - vulnerability - exploit - owasp - xss - sqli - ssrf - authentication - authorization - white-box - appsec --- # Shannon: Autonomous AI Pentester for Web Apps & APIs > **Permissions overview:** This skill orchestrates Shannon, a Docker-based pentesting tool that actively executes attacks against a target application. It clones/updates the Shannon repo locally, runs Docker containers, and reads pentest reports. **Shannon performs real exploits — only run against apps you own or have explicit written authorization to test.** Never run against production systems. Shannon analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production. 96.15% exploit success rate on the XBOW security benchmark. Covers OWASP Top 10: Injection, XSS, SSRF, Broken Auth, Broken AuthZ, and more. --- ## CRITICAL: Safety Checks (ALWAYS run first) Before doing ANYTHING, you MUST confirm: 1. **Authorization**: Ask the user — "Do you have explicit authorization to pentest this target?" If they say no or are unsure, STOP and explain they need written permission from the system owner. 2. **Environment**: Confirm the target is a local, staging, or sandboxed environment — NEVER production. 3. **Scope**: Clarify what they want tested (full pentest vs specific category). ``` ⚠️ Shannon executes REAL ATTACKS with mutative effects. ├─ Only run on systems you OWN or have WRITTEN AUTHORIZATION to test ├─ Never target production environments ├─ Results require human review — LLM output may contain hallucinations └─ You are responsible for complying with all applicable laws ``` Display this warning BEFORE every pentest run. If the user has already confirmed authorization in this session, a brief reminder suffices. --- ## Parse User Intent Extract from the user's input: 1. **TARGET_URL**: The URL to pentest (e.g., `http://localhost:3000`, `http://staging.example.com`) 2. **REPO_NAME**: The source code folder name (placed in `./repos/` inside Shannon) 3. **SCOPE**: Full pentest (default) or specific categories (injection, xss, ssrf, auth, authz) 4. **WORKSPACE**: Named workspace for resume capability (optional) 5. **CONFIG**: Custom YAML config path (optional, for auth flows, focus/avoid rules) Common invocation patterns: - `/shannon http://localhost:3000 myapp` → Full pentest of local app - `/shannon --workspace=audit1 http://staging.example.com backend-api` → Named workspace for resuming - `/shannon --scope=xss,injection http://localhost:8080 frontend` → Targeted categories - `/shannon status` → Check running pentests - `/shannon results` → Show latest report - `/shannon stop` → Stop running pentest Display parsed intent: ``` 🔐 Shannon Pentest ├─ Target: {TARGET_URL} ├─ Source: repos/{REPO_NAME} ├─ Scope: {SCOPE or "Full (all 5 OWASP categories)"} ├─ Workspace: {WORKSPACE or "auto-generated"} └─ Config: {CONFIG or "default"} Estimated runtime: 1–1.5 hours │ Estimated cost: ~$50 (Claude Sonnet) ``` --- ## Step 0: Ensure Shannon is Installed Check if Shannon is cloned locally: ```bash SHANNON_HOME="${SHANNON_HOME:-$HOME/shannon}" if [ -d "$SHANNON_HOME" ] && [ -f "$SHANNON_HOME/shannon" ]; then echo "Shannon found at $SHANNON_HOME" cd "$SHANNON_HOME" && git pull --ff-only 2>/dev/null || true else echo "Shannon not found. Cloning..." git clone https://github.com/KeygraphHQ/shannon.git "$SHANNON_HOME" fi # Verify Docker is available if command -v docker &>/dev/null; then echo "Docker: $(docker --version)" else echo "ERROR: Docker is required. Install Docker Desktop: https://docker.com/products/docker-desktop" exit 1 fi ``` If Shannon is not installed, clone it and inform the user. If Docker is missing, stop and tell them to install it. **SHANNON_HOME** defaults to `~/shannon`. Users can override with `SHANNON_HOME` env var. --- ## Step 1: Prepare Source Code Shannon needs the target's source code in `$SHANNON_HOME/repos/{REPO_NAME}/`. Ask the user where their source code is: ```bash # If user provides a local path REPO_PATH="/path/to/their/source" REPO_NAME="myapp" # Create symlink or copy into Shannon's repos directory mkdir -p "$SHANNON_HOME/repos" if [ ! -d "$SHANNON_HOME/repos/$REPO_NAME" ]; then ln -s "$(realpath "$REPO_PATH")" "$SHANNON_HOME/repos/$REPO_NAME" echo "Linked $REPO_PATH → repos/$REPO_NAME" fi ``` If the user provides a GitHub URL instead: ```bash cd "$SHANNON_HOME/repos" git clone "$GITHUB_URL" "$REPO_NAME" ``` --- ## Step 2: Configure Authentication (if needed) If the target requires login, help the user create a YAML config: ```yaml # $SHANNON_HOME/configs/target-config.yaml authentication: type: form # "form" or "sso" login_url: "http://localhost:3000/login" credentials: username: "admin" password: "password123" flow: "Navigate to login page, enter username and password, click Sign In" success_condition: url_contains: "/dashboard" rules: avoid: - "/logout" - "/admin/delete" focus: - "/api/" - "/auth/" pipeline: max_concurrent_pipelines: 5 # 1-5, default 5 ``` **Only create a config if the target requires authentication or has specific scope rules.** For open/unauthenticated targets, no config is needed. --- ## Step 3: Verify API Credentials Check that AI provider credentials are available: ```bash cd "$SHANNON_HOME" # Check for AI provider credentials if [ -n "${ANTHROPIC_API_KEY:-}" ]; then echo "✅ ANTHROPIC_API_KEY is set" elif [ -n "${ANTHROPIC_AUTH_TOKEN:-}" ] && [ -n "${ANTHROPIC_BASE_URL:-}" ]; then echo "✅ MiniMax mode: ANTHROPIC_AUTH_TOKEN + ANTHROPIC_BASE_URL are set" echo " Base URL: $ANTHROPIC_BASE_URL" echo " Model: ${ANTHROPIC_MODEL:-MiniMax-M2.7}" elif [ -n "${CLAUDE_CODE_OAUTH_TOKEN:-}" ]; then echo "✅ CLAUDE_CODE_OAUTH_TOKEN is set" elif [ "${CLAUDE_CODE_USE_BEDROCK:-}" = "1" ]; then echo "✅ AWS Bedrock mode enabled" elif [ "${CLAUDE_CODE_USE_VERTEX:-}" = "1" ]; then echo "✅ Google Vertex AI mode enabled" else echo "❌ No AI credentials found." echo "Set one of: ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN+ANTHROPIC_BASE_URL (MiniMax), CLAUDE_CODE_OAUTH_TOKEN, or enable Bedrock/Vertex" exit 1 fi ``` If no credentials are found, explain the options: - **Direct API** (recommended): `export ANTHROPIC_API_KEY=sk-ant-...` - **MiniMax**: Set `ANTHROPIC_AUTH_TOKEN` and `ANTHROPIC_BASE_URL` (see MiniMax section below) - **OAuth**: `export CLAUDE_CODE_OAUTH_TOKEN=...` - **AWS Bedrock**: `export CLAUDE_CODE_USE_BEDROCK=1` + AWS credentials - **Google Vertex**: `export CLAUDE_CODE_USE_VERTEX=1` + service account in `./credentials/` Also recommend: `export CLAUDE_CODE_MAX_OUTPUT_TOKENS=64000` --- ## Step 4: Launch the Pentest **CRITICAL: Confirm with the user before launching.** Display the full command and wait for approval. ```bash cd "$SHANNON_HOME" # Build the command CMD="./shannon start URL={TARGET_URL} REPO={REPO_NAME}" # Add optional flags # CONFIG=configs/target-config.yaml (if auth config exists) # WORKSPACE={WORKSPACE} (if user specified) # OUTPUT=./audit-logs/ (default) echo "Ready to launch:" echo " $CMD" echo "" echo "This will start Docker containers and begin the pentest." echo "Runtime: ~1-1.5 hours │ Cost: ~\$50 (Claude Sonnet)" ``` After user confirms, run in background: ```bash cd "$SHANNON_HOME" && ./shannon start URL={TARGET_URL} REPO={REPO_NAME} {EXTRA_FLAGS} ``` Use `run_in_background: true` with a timeout of 600000ms (10 minutes for initial setup). The pentest itself runs in Docker and will continue independently. --- ## Step 5: Monitor Progress While the pentest runs, the user can check status: ```bash cd "$SHANNON_HOME" # List active workspaces ./shannon workspaces # View logs for a specific workflow ./shannon logs ID={workflow-id} ``` Explain the 5-phase pipeline: ``` Shannon Pipeline (5 phases, parallel where possible): ├─ Phase 1: Pre-Recon — Source code analysis + external scans (Nmap, Subfinder, WhatWeb) ├─ Phase 2: Recon — Live attack surface mapping via browser automation ├─ Phase 3: Vulnerability Analysis — 5 parallel agents (Injection, XSS, SSRF, Auth, AuthZ) ├─ Phase 4: Exploitation — Dedicated agents execute real attacks to validate findings └─ Phase 5: Reporting — Executive summary with reproducible PoCs ``` --- ## Step 6: Read and Interpret Results Reports are saved to `$SHANNON_HOME/audit-logs/{hostname}_{sessionId}/`. ```bash cd "$SHANNON_HOME" # Find the latest report LATEST=$(ls -td audit-logs/*/ 2>/dev/null | head -1) if [ -n "$LATEST" ]; then echo "Latest report: $LATEST" # Find the main report file find "$LATEST" -name "*.md" -type f | head -5 fi ``` Read the report and present a summary: ``` 🔐 Shannon Pentest Report: {TARGET} ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔴 Critical: {N} vulnerabilities 🟠 High: {N} vulnerabilities 🟡 Medium: {N} vulnerabilities 🔵 Low: {N} vulnerabilities Top Findings: 1. [CRITICAL] {Vuln type} — {location} — PoC: {brief description} 2. [HIGH] {Vuln type} — {location} — PoC: {brief description} 3. ... Each finding includes a reproducible proof-of-concept exploit. ``` **IMPORTANT: Shannon's "no exploit, no report" policy means every finding has a working PoC.** But remind the user that LLM-generated content requires human review. --- ## Utility Commands ### Check status ```bash cd "$SHANNON_HOME" && ./shannon workspaces ``` ### View logs ```bash cd "$SHANNON_HOME" && ./shannon logs ID={workflow-id} ``` ### Stop pentest ```bash cd "$SHANNON_HOME" && ./shannon stop ``` ### Stop and clean up all data ```bash # DESTRUCTIVE — confirm with user first cd "$SHANNON_HOME" && ./shannon stop CLEAN=true ``` ### Resume a previous workspace ```bash cd "$SHANNON_HOME" && ./shannon start URL={URL} REPO={REPO} WORKSPACE={name} ``` --- ## Targeting Local Apps If the user's app runs on localhost, explain: ``` Shannon runs inside Docker. To reach your local app: ├─ Use http://host.docker.internal:{PORT} instead of http://localhost:{PORT} ├─ macOS/Windows: works automatically with Docker Desktop └─ Linux: add --add-host=host.docker.internal:host-gateway to docker run ``` Automatically translate `localhost` URLs to `host.docker.internal` in the command. --- ## Using MiniMax as AI Provider Shannon supports [MiniMax](https://platform.minimax.io) as an alternative AI backend via the Anthropic SDK compatibility layer. MiniMax provides the `MiniMax-M2.7` model through an Anthropic-compatible API endpoint. ### MiniMax Setup 1. **Get a MiniMax API key** from [platform.minimax.io](https://platform.minimax.io). 2. **Configure environment variables** — either export them directly or add to `~/.claude/settings.json`: ```bash # Export directly export ANTHROPIC_AUTH_TOKEN="your-minimax-api-key" export ANTHROPIC_BASE_URL="https://api.minimax.io/anthropic" # International # export ANTHROPIC_BASE_URL="https://api.minimaxi.com/anthropic" # China # Set model (all model slots use the same MiniMax model) export ANTHROPIC_MODEL="MiniMax-M2.7" export ANTHROPIC_SMALL_FAST_MODEL="MiniMax-M2.7" export ANTHROPIC_DEFAULT_SONNET_MODEL="MiniMax-M2.7" export ANTHROPIC_DEFAULT_OPUS_MODEL="MiniMax-M2.7" export ANTHROPIC_DEFAULT_HAIKU_MODEL="MiniMax-M2.7" ``` Or in `~/.claude/settings.json`: ```json { "env": { "ANTHROPIC_AUTH_TOKEN": "your-minimax-api-key", "ANTHROPIC_BASE_URL": "https://api.minimax.io/anthropic", "ANTHROPIC_MODEL": "MiniMax-M2.7", "ANTHROPIC_SMALL_FAST_MODEL": "MiniMax-M2.7", "ANTHROPIC_DEFAULT_SONNET_MODEL": "MiniMax-M2.7", "ANTHROPIC_DEFAULT_OPUS_MODEL": "MiniMax-M2.7", "ANTHROPIC_DEFAULT_HAIKU_MODEL": "MiniMax-M2.7", "API_TIMEOUT_MS": "3000000", "CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC": "1" } } ``` 3. **Clear conflicting env vars** — ensure `ANTHROPIC_API_KEY` is not set when using MiniMax, as it takes precedence: ```bash unset ANTHROPIC_API_KEY ``` 4. **Run Shannon normally** — the MiniMax credentials are passed through to Shannon's Docker containers via the Anthropic SDK compatibility layer: ```bash cd "$SHANNON_HOME" && ./shannon start URL=http://localhost:3000 REPO=myapp ``` ### MiniMax Notes - MiniMax uses `ANTHROPIC_AUTH_TOKEN` (not `ANTHROPIC_API_KEY`) for authentication - The `ANTHROPIC_BASE_URL` routes requests to MiniMax's Anthropic-compatible endpoint - Set `API_TIMEOUT_MS=3000000` for extended timeouts (recommended for pentesting workloads) - Set `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1` to reduce non-essential API calls - MiniMax provides a single model (`MiniMax-M2.7`) that is used for all model slots --- ## Configuration Reference ### Environment Variables | Variable | Required | Description | |----------|----------|-------------| | `ANTHROPIC_API_KEY` | One of these | Direct Anthropic API key | | `ANTHROPIC_AUTH_TOKEN` | required | MiniMax (or compatible) auth token | | `ANTHROPIC_BASE_URL` | | API base URL (for MiniMax: `https://api.minimax.io/anthropic`) | | `ANTHROPIC_MODEL` | | Model override (e.g., `MiniMax-M2.7`) | | `ANTHROPIC_SMALL_FAST_MODEL` | | Small/fast model override | | `CLAUDE_CODE_OAUTH_TOKEN` | | Anthropic OAuth token | | `CLAUDE_CODE_USE_BEDROCK` | | Set to `1` for AWS Bedrock | | `CLAUDE_CODE_USE_VERTEX` | | Set to `1` for Google Vertex AI | | `CLAUDE_CODE_MAX_OUTPUT_TOKENS` | Recommended | Set to `64000` | | `API_TIMEOUT_MS` | Optional | Request timeout in ms (MiniMax: `3000000`) | | `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` | Optional | Set to `1` to reduce non-essential calls | | `SHANNON_HOME` | Optional | Shannon install dir (default: `~/shannon`) | ### YAML Config Options | Section | Field | Description | |---------|-------|-------------| | `authentication.type` | `form` / `sso` | Login method | | `authentication.login_url` | URL | Login page | | `authentication.credentials` | object | username, password, totp_secret | | `authentication.flow` | string | Natural language login instructions | | `authentication.success_condition` | object | `url_contains` or `element_present` | | `rules.avoid` | list | Paths/subdomains to skip | | `rules.focus` | list | Paths/subdomains to prioritize | | `pipeline.retry_preset` | `subscription` | Extended backoff for rate-limited plans | | `pipeline.max_concurrent_pipelines` | 1-5 | Parallel agent count (default: 5) | --- ## Vulnerability Coverage Shannon tests 50+ specific cases across 5 OWASP categories: | Category | Examples | |----------|----------| | **Injection** | SQL injection, command injection, SSTI, NoSQL injection | | **XSS** | Reflected, stored, DOM-based, via file upload | | **SSRF** | Internal service access, cloud metadata, protocol smuggling | | **Broken Auth** | Default creds, JWT flaws, session fixation, MFA bypass, CSRF | | **Broken AuthZ** | IDOR, privilege escalation, path traversal, forced browsing | --- ## Integrated Security Tools (bundled in Docker) - **Nmap** — port scanning and service detection - **Subfinder** — subdomain enumeration - **WhatWeb** — web technology fingerprinting - **Schemathesis** — API schema-based fuzzing - **Chromium** — headless browser for automated exploitation (Playwright) --- ## Context Memory For the rest of this conversation, remember: - **SHANNON_HOME**: Path to Shannon installation - **TARGET_URL**: The URL being tested - **REPO_NAME**: Source code folder name - **WORKSPACE**: Workspace name (if any) - **PENTEST_STATUS**: running / completed / stopped When the user asks follow-up questions: - Check pentest status and report on progress - Read and interpret new findings from audit-logs - Help remediate discovered vulnerabilities with code fixes - Explain PoC exploits and their impact --- ## Security & Permissions **What this skill does:** - Clones/updates the Shannon repo from GitHub to `~/shannon` (or `$SHANNON_HOME`) - Creates symlinks from user's source code into `~/shannon/repos/` - Starts Docker containers (Temporal server, worker, optional router) via `./shannon` CLI - Reads pentest reports from `~/shannon/audit-logs/` - Optionally creates YAML config files in `~/shannon/configs/` **What Shannon does (inside Docker):** - Executes real exploits against the target URL (SQL injection, XSS, SSRF, etc.) - Scans with Nmap, Subfinder, WhatWeb, Schemathesis - Automates browser interactions via headless Chromium - Sends prompts to Anthropic API (or Bedrock/Vertex) for reasoning - Writes reports to `audit-logs/` directory **What this skill does NOT do:** - Does not target any system without user confirmation - Does not store or transmit API keys beyond the configured provider - Does not modify the user's source code - Does not access production systems unless explicitly directed (which it warns against) - Does not run without Docker — all attack tools are containerized **Review the Shannon source code before first use:** https://github.com/KeygraphHQ/shannon