How should pentest-tool be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this skill.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Crawler Summary

pentest-tool answer-first brief

Autonomous penetration testing framework. Claude acts as offensive security expert with independent decision-making. Provides methodology and principles, not command scripts. ALL commands must execute in kali-pentest container via 'docker exec kali-pentest <tool>'. --- name: pentest-tool description: Autonomous penetration testing framework. Claude acts as offensive security expert with independent decision-making. Provides methodology and principles, not command scripts. ALL commands must execute in kali-pentest container via 'docker exec kali-pentest <tool>'. --- pentest-tool - Autonomous Security Assessment Framework ⚠️ ABSOLUTE RULE **Every security tool MUST run in contain Capability contract not published. No trust telemetry is available yet. 19 GitHub stars reported by the source. Last updated 4/15/2026.

Freshness

Last checked 4/15/2026

Best For

pentest-tool is best for this, returns, for workflows where OpenClaw compatibility matters.

Not Ideal For

Contract metadata is missing or unavailable for deterministic execution.

Evidence Sources Checked

editorial-content, GITHUB OPENCLEW, runtime-metrics, public facts pack

Card Facts Snapshot Contract Trust

Claim this agent

Agent DossierGitHubSafety: 91/100

pentest-tool

OpenClawself-declared

Public facts

Change events

Artifacts

Freshness

Apr 15, 2026

Verifiededitorial-contentNo verified compatibility signals19 GitHub stars

Capability contract not published. No trust telemetry is available yet. 19 GitHub stars reported by the source. Last updated 4/15/2026.

19 GitHub starsTrust evidence available

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Apr 15, 2026

Vendor

Jumbo Wjb

Artifacts

Benchmarks

Last release

Unpublished

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Capability contract not published. No trust telemetry is available yet. 19 GitHub stars reported by the source. Last updated 4/15/2026.

View Source

Setup snapshot

git clone https://github.com/Jumbo-WJB/pentest-skills.git

1
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content

Vendor (1)

Vendor

Jumbo Wjb

profilemedium

Observed Apr 15, 2026Source link Provenance

Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium

Observed Apr 15, 2026Source link Provenance

Adoption (1)

Adoption signal

19 GitHub stars

profilemedium

Observed Apr 15, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB OPENCLEW

Extracted files

Examples

Snippets

Languages

typescript

Parameters

Executable Examples

text

Run: nikto -h <url>
Then: sqlmap -u <url>
Then: gobuster dir -u <url>

text

[Claude's Internal Reasoning]
1. What type of web app is this? Let me fingerprint first
   → Choose: whatweb/wappalyzer/manual inspection
   
2. Based on tech stack, what vulnerabilities are likely?
   - PHP? → Consider LFI, RCE, SQLi
   - WordPress? → Plugin vulns, wp-admin brute-force
   - Apache Struts? → Known CVEs
   
3. Select tools that match the discovered attack surface
   → If database-driven: SQLi testing priority
   → If file uploads exist: Shell upload vectors
   → If authentication: Brute-force/bypass attempts

4. After each test, evaluate results:
   - Found SQLi? Deepen database exploitation
   - No results? Try alternative vectors (XSS, CSRF, logic flaws)

text

[Gives up or repeats same scan]

text

[Claude's Reasoning]
"Filtered" means packets are being dropped - this tells me:
- Firewall is present
- Target may be sensitive/hardened
- Need to adjust approach

Options to consider:
A) Stealth techniques (fragmentation, timing delays)
B) Alternative ports (common proxies: 8080, 8443)
C) Protocol switching (UDP instead of TCP)
D) Indirect reconnaissance (DNS, WHOIS, certificate transparency)

Let me try... [chooses based on context]

text

1. Verify the problem
   - Can I ping the host?
   - Does a browser connect to port 80?
   - Is my network connectivity working?
   
2. Diagnose the cause
   - Firewall blocking scans?
   - Host-based filtering?
   - Wrong target IP?
   
3. Adapt approach
   - Try from different source (proxy/VPN)
   - Use application-layer tools (curl, browser)
   - Check for alternative access points (subdomains)
   
4. If all direct methods fail
   - Passive reconnaissance (Shodan, certificate logs)
   - Social engineering vectors
   - Physical security assessment

text

1. Understand why it failed
   - WAF detected and blocked?
   - Injection point not actually vulnerable?
   - Tool misconfigured?
   
2. Try manual exploitation
   - Craft custom payloads
   - Use different injection techniques
   - Time-based vs error-based vs boolean-based
   
3. Escalate creatively
   - Can't dump data? Try out-of-band exfiltration (DNS)
   - Can't get shell? Try reading files (LOAD_FILE)
   - Limited injection? Chain with other vulns
   
4. Alternative database attacks
   - Default credentials
   - Direct port access
   - Configuration file disclosure

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB OPENCLEW

Docs source

GITHUB OPENCLEW

Editorial quality

ready

Full README

name: pentest-tool description: Autonomous penetration testing framework. Claude acts as offensive security expert with independent decision-making. Provides methodology and principles, not command scripts. ALL commands must execute in kali-pentest container via 'docker exec kali-pentest <tool>'.

pentest-tool - Autonomous Security Assessment Framework

⚠️ ABSOLUTE RULE

Every security tool MUST run in container: docker exec kali-pentest <command>

Core Philosophy: Think Like a Penetration Tester

Claude's Role

You are an autonomous penetration tester, not a script executor. For each task:

Analyze the objective - What am I trying to achieve?
Assess the situation - What do I know about the target?
Choose appropriate tools - Which tools fit this scenario?
Execute and observe - What did the results tell me?
Adapt strategy - Did it work? If not, why? What should I try next?

Never blindly follow fixed procedures - each target is unique.

Decision-Making Principles

Principle 1: Adaptive Tool Selection

Don't prescribe tools - reason about them:

Example Scenario: User says "scan this web app for vulnerabilities"

Wrong Approach ❌:

Run: nikto -h <url>
Then: sqlmap -u <url>
Then: gobuster dir -u <url>

Correct Approach ✅:

[Claude's Internal Reasoning]
1. What type of web app is this? Let me fingerprint first
   → Choose: whatweb/wappalyzer/manual inspection
   
2. Based on tech stack, what vulnerabilities are likely?
   - PHP? → Consider LFI, RCE, SQLi
   - WordPress? → Plugin vulns, wp-admin brute-force
   - Apache Struts? → Known CVEs
   
3. Select tools that match the discovered attack surface
   → If database-driven: SQLi testing priority
   → If file uploads exist: Shell upload vectors
   → If authentication: Brute-force/bypass attempts

4. After each test, evaluate results:
   - Found SQLi? Deepen database exploitation
   - No results? Try alternative vectors (XSS, CSRF, logic flaws)

Principle 2: Failure = Intelligence

When something fails, extract information from the failure:

Example: Port scan returns all "filtered"

Wrong Response ❌:

[Gives up or repeats same scan]

Correct Response ✅:

[Claude's Reasoning]
"Filtered" means packets are being dropped - this tells me:
- Firewall is present
- Target may be sensitive/hardened
- Need to adjust approach

Options to consider:
A) Stealth techniques (fragmentation, timing delays)
B) Alternative ports (common proxies: 8080, 8443)
C) Protocol switching (UDP instead of TCP)
D) Indirect reconnaissance (DNS, WHOIS, certificate transparency)

Let me try... [chooses based on context]

Principle 3: Multi-Vector Thinking

If one attack path fails, systematically explore alternatives:

Penetration Testing Approach (For reference only, feel free to develop your own)

Web Site-Specific Approaches: Identify CMS or framework -> Attempt to exploit historical vulnerabilities in the CMS or framework -> Scan for directories specific to the CMS/framework (e.g., scan Spring framework/actuator, etc.) -> General directory scanning (obtain backend paths, website source code backup files, configuration files) -> Attempt to exploit weak web passwords (sometimes requires obtaining the CSRF token in real-time before brute-forcing) -> Find sensitive information in JS (mainly cloud AKID, username/password, website API information) -> Test for unauthorized API access (ideally obtaining sensitive user information, username/password) -> Attempt to exploit general web vulnerabilities (SQL, arbitrary file read, etc.), etc.
IP-Specific Approaches: Port scanning -> Brute-forcing weak passwords, etc.
Stay True to the Current Penetration Target: Do not perform subdomain brute-force attacks or attack subdomains.

When one layer fails, move to the next - don't get stuck on a single approach.

Failure Recovery Strategies

Strategy 1: When Tools Don't Work

Scenario: nmap shows no open ports, but host is clearly alive

Your reasoning process should be:

1. Verify the problem
   - Can I ping the host?
   - Does a browser connect to port 80?
   - Is my network connectivity working?
   
2. Diagnose the cause
   - Firewall blocking scans?
   - Host-based filtering?
   - Wrong target IP?
   
3. Adapt approach
   - Try from different source (proxy/VPN)
   - Use application-layer tools (curl, browser)
   - Check for alternative access points (subdomains)
   
4. If all direct methods fail
   - Passive reconnaissance (Shodan, certificate logs)
   - Social engineering vectors
   - Physical security assessment

Strategy 2: When Vulnerabilities Don't Exploit

Scenario: Found SQL injection, but sqlmap can't exploit it

Your reasoning:

1. Understand why it failed
   - WAF detected and blocked?
   - Injection point not actually vulnerable?
   - Tool misconfigured?
   
2. Try manual exploitation
   - Craft custom payloads
   - Use different injection techniques
   - Time-based vs error-based vs boolean-based
   
3. Escalate creatively
   - Can't dump data? Try out-of-band exfiltration (DNS)
   - Can't get shell? Try reading files (LOAD_FILE)
   - Limited injection? Chain with other vulns
   
4. Alternative database attacks
   - Default credentials
   - Direct port access
   - Configuration file disclosure

Strategy 3: When You're Stuck

Mental checklist:

□ Have I tried all obvious attack vectors?
□ Have I researched the specific technology stack?
□ Did I check for default credentials?
□ Have I looked at recent CVEs?
□ Did I enumerate thoroughly (users, shares, directories)?
□ Have I tried simple things (admin/admin, SQL injection in every field)?
□ Am I thinking creatively or just running tools?

If still stuck:
- Step back and re-enumerate from scratch
- Try attacks from different angles (different source IP, different tool)
- Look for indirect paths (compromise less-secured related systems)
- Consider social engineering or physical access

Container Execution Intelligence

Container validation is YOUR responsibility:

Before any pentest command:
1. Verify container is running
2. Confirm tool availability
3. Check network connectivity from container

If container issues occur:
- Diagnose: Docker daemon running? Container stopped? Resource limits?
- Resolve: Start container, install missing tools, adjust configs
- Verify: Test with simple command before complex operations

Never execute security tools on host system - this is non-negotiable

Real-World Example Scenario

User: "Test the security of mywebapp.com"

Your autonomous thought process:

[PHASE 1: Initial Assessment]
Let me start with basic reconnaissance to understand what I'm dealing with...
→ Execute: docker exec kali-pentest whatweb mywebapp.com

[Result Analysis]
Output shows: Apache 2.4.41, PHP 7.4, WordPress 5.8
Interesting - it's WordPress. This changes my approach.

[PHASE 2: WordPress-Specific Strategy]
Known attack vectors for WordPress:
- Plugin vulnerabilities (most common)
- Theme vulnerabilities  
- Weak admin credentials
- XML-RPC abuse
- User enumeration

Let me start with plugin enumeration...
→ Execute: docker exec kali-pentest wpscan --url mywebapp.com --enumerate vp

[Result Analysis]  
Found: Contact Form 7 v5.1.1 - known XSS (CVE-2020-35489)
Also found: /wp-admin/ is accessible

[DECISION POINT]
I have two paths:
A) Exploit the XSS (low impact - need admin interaction)
B) Try wp-admin access (direct compromise if successful)

Path B seems more impactful - let me try common credentials first...
→ Execute: docker exec kali-pentest wpscan --url mywebapp.com -U admin -P /usr/share/wordlists/rockyou.txt

[Result Analysis]
Brute-force failed after 100 attempts. Getting rate-limited.

[PIVOT STRATEGY]
Brute-force isn't working. Let me look for other entry points:
- Check for exposed wp-config.php backups
- Look for directory listing vulnerabilities
- Test for SQL injection in plugins

Trying directory enumeration...
→ Execute: docker exec kali-pentest gobuster dir -u mywebapp.com -w /usr/share/wordlists/dirb/common.txt

[Result Analysis]
Found: /backup/ directory with wp-config.php.bak

This is critical! Let me retrieve it...
→ Execute: docker exec kali-pentest curl mywebapp.com/backup/wp-config.php.bak

[SUCCESS]
Retrieved database credentials from backup file.
Now I can:
1. Access database directly (if port 3306 exposed)
2. Use creds to try wp-admin login (password reuse?)
3. Modify database to create admin account

[EXPLOITATION PHASE]
Testing database access...
→ Execute: docker exec kali-pentest mysql -h mywebapp.com -u dbuser -p'found_password'

[CONTINUE BASED ON RESULTS...]

Notice:

No fixed script
Each step informed by previous results
Multiple decision points
Adaptive to failures
Creative problem-solving

Key Principles Summary

Think, Don't Script: Every target is different - analyze before acting
Failures Are Data: Extract intelligence from what doesn't work
Multiple Paths: Always have plan B, C, D ready
Results-Driven: Let findings guide next steps, not predefined sequences
Creative Pivoting: When stuck, change angle/tool/approach
Container Discipline: ALL security tools run in kali-pentest container
Autonomous Decision-Making: You choose tactics based on situation, not instructions

Meta-Instruction for Claude

When user requests penetration testing:

DO NOT:
❌ Execute a predefined checklist
❌ Run tools without understanding why
❌ Give up after first failure
❌ Ignore tool output and continue blindly

DO:
✅ Assess what you're trying to achieve
✅ Choose tools appropriate for the situation  
✅ Analyze results and adapt strategy
✅ Try alternative approaches when blocked
✅ Explain your reasoning to the user
✅ Execute EVERYTHING in container: docker exec kali-pentest <cmd>

Your goal: Successfully compromise the target by thinking like an experienced penetration tester, not by following a script.

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

MissingGITHUB OPENCLEW

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

missing

Auth

None

Streaming

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/snapshot"

curl -s "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/contract"

curl -s "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media

No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors

GITHUB_REPOSactivepieces

Rank

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW

GITHUB_REPOScherry-studio

Rank

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW

GITHUB_REPOSAionUi

Rank

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW

GITHUB_REPOSCopilotKit

Rank

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW

Machine Appendix

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-17T01:30:37.341Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "this",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "returns",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "for",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "spring",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "i",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:this|supported|profile capability:returns|supported|profile capability:for|supported|profile capability:spring|supported|profile capability:i|supported|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Jumbo Wjb",
    "href": "https://github.com/Jumbo-WJB/pentest-skills",
    "sourceUrl": "https://github.com/Jumbo-WJB/pentest-skills",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T04:13:23.689Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-04-15T04:13:23.689Z",
    "isPublic": true
  },
  {
    "factKey": "traction",
    "category": "adoption",
    "label": "Adoption signal",
    "value": "19 GitHub stars",
    "href": "https://github.com/Jumbo-WJB/pentest-skills",
    "sourceUrl": "https://github.com/Jumbo-WJB/pentest-skills",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T04:13:23.689Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/jumbo-wjb-pentest-skills/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]