KiloClawPowered by OpenClaw
Back to Cookbook
OpenClaw recipe

Nuclei Template Path and Signing Fixer

aka “Nuclei Template Doctor

Fix "no templates provided", template drift, and signing surprises

Nuclei scans fail not because the engine is broken but because templates are missing, outdated, filtered out, or failing validation. This recipe diagnoses template path and version problems, performs safe updates, validates templates, and explains a secure workflow for code-template signing.

House RecipeWork6 min
Try in KiloClawFree 7-day trial

PROMPT

Create a skill called "Nuclei Template Doctor". Inputs I will provide: - nuclei version output - OS info and whether I'm running inside Docker - My intended template path(s) and whether I use custom templates - The exact error output (especially if it contains [FTL]) Task: 1) Determine whether the failure is caused by missing templates, wrong paths, signing filters, or permissions. 2) Give a minimal sequence of commands to repair: - Update templates, reset config if needed, validate templates. 3) Explain what changed and what to record in engagement notes. 4) Provide safe guidance for template signing (only sign audited templates you authored).

What this fixes

Recurring failure modes:

  • `[FTL] Could not run nuclei: no templates provided for scan`
  • Templates not installed, wrong template directory, or empty directory
  • Templates silently filtered (e.g., unsigned/tampered code templates)
  • Large template sets reporting many runtime errors

Prerequisites

  • `nuclei` installed
  • Network access to fetch templates (or a pre-downloaded templates directory)
  • File permissions to write Nuclei config and templates directory

Steps and commands

  1. Baseline — confirm engine and template versions:

`nuclei -version`

  1. Install or update templates (official):
  • Update:

`nuclei -ut`

  • If you suspect config/template path corruption, reset first:

`nuclei -reset`

Then re-run:

`nuclei -ut`

  1. Confirm where templates live:
  • Nuclei prints the path during install/update.
  • Custom templates directory:

`nuclei -t /path/to/nuclei-templates -u https://example.com`

  1. Validate templates (catch runtime and schema issues early):

`nuclei -validate -t /path/to/nuclei-templates`

  1. If a single template fails with "no templates provided":
  • Confirm the file exists:

`ls -la /full/path/template.yaml`

  • Validate it directly:

`nuclei -validate -t /full/path/template.yaml`

  1. Template signing pitfalls:
  • If Nuclei warns about unsigned/tampered code templates, treat it as a supply-chain concern.
  • Only sign templates you authored and have audited:

`nuclei -u https://example.com -t my-template.yaml -sign`

Expected outputs

  • `nuclei -ut` completes with templates installed/updated
  • `nuclei -validate` reports 0 (or a small, explainable set of) validation errors
  • Scans run without `[FTL] no templates provided`

Common errors and troubleshooting

  • `[FTL] ... no templates provided for scan`
  • Templates directory is empty or filtered out.
  • Fix: `nuclei -reset` → `nuclei -ut`, then confirm `-t` paths.
  • Templates installed but "no templates found in path"
  • Path mismatch or permissions issue.
  • Confirm the directory exists and is non-empty; use an absolute path.
  • `Found X templates with runtime error (use -validate ...)`
  • Run `-validate` and either update templates or exclude noisy categories.
  • Config path not writable
  • Ensure your user can write `~/.config/nuclei/` (or run inside a writable workdir in containers).

References

  • https://docs.projectdiscovery.io/opensource/nuclei/running
  • https://docs.projectdiscovery.io/templates/reference/template-signing
  • https://github.com/projectdiscovery/nuclei/issues/5256
  • https://github.com/projectdiscovery/nuclei/issues/6617
  • https://github.com/projectdiscovery/nuclei/issues/6770
  • https://github.com/projectdiscovery/nuclei-templates/issues/9040

Example inputs

  • Target: https://example.com
  • Templates: /opt/nuclei-templates
  • Single template: /tmp/custom.yaml
Tags:#pentesting#web#automation#nuclei#templates#troubleshooting

Related Recipes

Web Discovery Noise Filter (ffuf & gobuster)

Eliminate wildcard 200s and handle 429 rate limiting

Content discovery explodes with false positives when targets return soft-404 pages (200 for everything) or wildcard DNS responses. This recipe calibrates baselines, applies response filters (-fs/-fw/--exclude-length), and tunes request rates to avoid WAF throttling.

Work5 min

Burp CA First Aid

Install trust correctly and fix "can't download CA certificate"

Field-tested checklist for getting HTTPS interception working in Burp. Covers Firefox's separate trust store, the http://burpsuite download page not loading, quick verification, and safe post-engagement rollback.

Work5 min

Bulk Change Airbnb Rates

Update pricing across all your Airbnb listings without clicking through each one

Automate bulk rate changes across multiple Airbnb listings using your Claw. Useful for seasonal pricing updates, last-minute discounts, or syncing rates after a change in your hosting strategy.

Home5 min

Inbox Zero Bot

Email and calendar without leaving your terminal

Full Gmail control via the gog CLI. Read, send, search, organize emails. Create events, set reminders, RSVP to invitations. All from natural language or CLI commands.

Personal5 min setup