hacking-skills
Claude Code skills for finding bugs and vulnerabilities — bug bounty, pentest, CTF, code review.
Structure
```
.claude-plugin/
  marketplace.json   ← plugin collections for distribution
skills/
  meta/              ← skill generation and self-improvement tooling
    distill-skill/
    observe-skill/
    amend-skill/
  web/               ← web application security
    recon/
    auth/
    session/
    authz/
    injection/
    client-side/
    logic/
  mobile/            ← mobile security (Android + iOS)
    storage/
    crypto/
    auth/
    network/
    platform/
    code/
    resilience/
  cicd/              ← CI/CD pipeline security
```
Agents
Role-based agents that orchestrate skills into a full engagement workflow.
Skills Graph
SKILLS_GRAPH.md — a map of content (MOC) showing attack chains, topic clusters, and cross-domain patterns. Start here when you need to plan a testing approach or understand how skills relate to each other.
Plugin Collections
| Collection | Skills | Description |
|---|---|---|
| web | 28 | Web application security — recon, auth, session, authz, injection, client-side, logic |
| mobile | 7 | Mobile security methodology (Android + iOS) — install for mobile coverage |
| cicd | 5 | CI/CD pipeline attack techniques — install for supply chain testing |
| meta | /distill-skill, /observe-skill, /amend-skill | Skill generation, run logging, and self-improvement |
Skills
Meta
| Skill | Description |
|---|---|
| distill-skill | Extract reusable offensive knowledge from any source → SKILL.md |
| observe-skill | Log skill run outcomes to observations/<skill-name>/runs.md |
| amend-skill | Inspect failure history and propose targeted amendments to a skill |
web — Web Application Security
Recon
Auth
Session
Authz