Unclecheng-li/VulnClaw

RepoRadar surfaced Unclecheng-li/VulnClaw — a security agent — into the Security and Infra section, where it sits at Silver tier with a 'worth watch' verdict. Its strongest signal is open-source/build quality, scored 8.4 out of 10.

Score: 7.7
Popularity: 1.0
Risk: high
Tier: Silver

Score breakdown

Usefulness: 7.0
Novelty: 7.0
Momentum: 6.0
Maturity: 5.2
Open-source/build: 8.4
Evidence: 8.0
Workflow potential: 8.1
Setup ease: 4.2

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for authorized security researchers who want to study how a modern LLM plus MCP toolchain is being wrapped into a real offensive workflow rather than a toy prompt demo.

Who should use it

Authorized security researchers evaluating AI-assisted pentest workflows
Red-team builders studying MCP-backed tool orchestration in security
Developers who want to inspect a real CLI and TUI surface for an offensive agent
Security teams comparing how much control these agents expose before exploitation begins

Who should skip it

Avoid running Unclecheng-li/VulnClaw in production until you have reviewed its permissions, data-access scope, and failure modes in a sandbox.

About this signal

Unclecheng-li/VulnClaw is tracked by RepoRadar as a security agent in the Security and Infra section. It was first seen on 2026-06-29 and last updated on 2026-06-29. The current verdict is 'worth watch' with a Silver tier and hard setup difficulty. The standout signals for Unclecheng-li/VulnClaw are open-source/build quality (8.4) and workflow potential (8.1), while setup ease (4.2) trails; that balance shapes where it fits best. This page summarizes the evidence RepoRadar has captured from source metadata. The score, tier, risk label, and verdict on this page are never influenced by sponsorship, ads, or tips; they reflect only the usefulness, popularity, novelty, momentum, maturity, and evidence signals described in the RepoRadar methodology.

How this item is evaluated

RepoRadar assigned Unclecheng-li/VulnClaw a composite score of 7.7 out of 10, placing it in the Silver tier. This score combines weighted sub-signals: usefulness (35%), novelty (18%), momentum (14%), maturity (10%), open-source/build quality (7%), evidence quality (6%), workflow potential (6%), and setup ease (4%). Popularity is tracked separately at 1.0 and never affects the composite score or tier. The risk label of 'high' reflects inherent user-impacting hazards, not generic novelty. Items with no risk flag may still require normal code review before production use.

Putting this into practice? Read How to vet an AI agent or MCP server before you wire it in for the checklist behind this score.

Risk explanation

The tool is built to move from reconnaissance into active exploitation, so the first evaluation belongs in an owned test environment with explicit written authorization. Browser automation, HTTP replay, and exploit-capable flows can cross security and compliance boundaries quickly when scope controls are not locked down up front.

Tags: security, pentest, mcp, cli, tui, mit