Accompanying materials from the OpenClaw pentesting experiment — an exploration of AI-assisted red team operations against enterprise Active Directory environments.
AD-Recon-Authenticated-SKILL.md— A structured skill/methodology for authenticated AD reconnaissance from Linux, covering LDAP enumeration, BloodHound ingestion, Kerberoasting, delegation analysis, SMB enumeration, and attack path identification.matrix-claw-persona.txt— The system persona and operating constraints for the OpenClaw red team agent, defining its chain of command, reporting requirements, permission boundaries, and safety controls.legacy-ad-attack-paths-REDACTED.md— A redacted example of attack path analysis output produced during an engagement, demonstrating the type of findings the methodology surfaces. Sanitised for public release.OpenClaw-Architecture.md— Architecture overview of the OpenClaw platform on NixOS, covering flake-based reproducibility, declarative host deployment, skill and package management, and the guardrails that constrain agent behaviour on the engagement host.
These materials were developed as part of a research project investigating how AI agents can be applied to penetration testing workflows. The skill file and persona define how the agent operates; the attack paths document is a representative (redacted) output.
These materials are provided for educational and research purposes only. Use only in authorised engagements with explicit written permission.