By daothinh
Standardized bounty hunting workflows for web, Android, smart contract, and native targets using Codex-ready security skills from this repo.
Standard bug bounty workflow for Android applications. Use when the target is an APK, rooted-device session, Android backend client, hybrid mobile app, or Firebase-backed mobile target that needs static and dynamic testing.
Standard bug bounty workflow for native code, parsers, binaries, Rust crates, crypto-heavy components, and protocol handlers. Use when the target's primary risk comes from memory safety, parser confusion, FFI boundaries, or timing side channels.
Standard bug bounty workflow for smart contracts across EVM, Vyper, Solana, CosmWasm, Cairo, Substrate, TON, and Algorand targets. Use when auditing privileged entry points, token logic, upgrade paths, or protocol invariants.
Standard intake and routing workflow for bug bounty targets. Use when you need to read program rules, fingerprint a target, map trust boundaries, and choose the correct bounty lane or mixed-surface sequence for web/API, Android, smart contract, native, or agentic workflow review.
Standard bug bounty workflow for web and API targets across JavaScript and TypeScript, Python, Ruby, PHP, Java, Go, and .NET frameworks. Use when reviewing routes, controllers, auth layers, admin panels, background jobs, webhooks, or multi-tenant application logic.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Claude Code and Codex Skills for Software Correctness
Formal verification, model checking, security auditing, proof repair, and benchmarking — as slash commands.
Install every plugin for Claude Code in one command:
npx skills add workersio/spec
Individual plugins can be selected during installation. Once installed, invoke any skill by name inside Claude Code:
/fuzzer Coverage-guided fuzzing with audit-driven harness design
/kage Local pentest sandbox — recon, exploit, verify, judge, report
/kani-proof Write bounded model checker proofs for Rust and Solana
/evm-protocol-audit Run a structured EVM and DeFi protocol audit
/solana-audit Run a structured smart contract security audit
/axiom Verify and repair Lean 4 proofs
/skill-benchmark Benchmark a skill with controlled eval sessions
/workers-app-tester Pentest an Android app on a rooted device
/save Save the current session as a reusable agent
Claude and Codex support are included through repo-local metadata:
.claude-plugin/marketplace.json.agents/plugins/marketplace.jsonplugins/<name>/.codex-plugin/plugin.jsonTo use this repo as a repo-scoped Codex marketplace:
.agents/plugins/marketplace.json can resolve ./plugins/<name> relative to the repo root.codex, then /plugins, open the workersio marketplace, and install the plugins you want.Root plugin ports are managed from the root repo through:
plugins/catalog.json — root inventory for existing plugins and vendored Claude-source portsscripts/sync-root-plugins.mjs — regenerates marketplaces and manifests; it can still copy sourceKind: "skills" entries from skills/plugins/<name> if vendored source trees are reintroducedscripts/validate-root-plugins.mjs — validates manifest parity, marketplace drift, and SKILL.md relative links.codex-port/preserve-paths.json inside any copied plugin — opt-in list of root-only files to restore after re-sync when a plugin gets Codex-specific adaptationsCurrent port policy:
plugins/<name>/ is the source of truth for installable plugin bundles; each bundle composes one or more SKILL.md files under skills/plugins/ but blocked from the Codex marketplace until their hook/MCP/task-specific behavior is portedfp-check, gh-cli, git-cleanup, modern-python, second-opinion, skill-improver, static-analysis, workflow-skill-design, zeroize-auditIf you want the plugins available user-wide and automatically synced to this repo, use the PowerShell installer:
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode install
Useful commands:
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode status
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode uninstall
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode install -Force
-Force backs up conflicting user-level paths to *.backup-YYYYMMDD-HHMMSS before replacing them with junctions.
To sync the repo's reusable security agents under .codex/agents together with the plugin links after future updates, run:
npx claudepluginhub daothinh/spec-cdex --plugin bounty-hunting-programsConvert sessions into reusable agents
Structured Solana smart contract security audits
A comprehensive static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection.
Security-focused differential review of code changes with git history analysis and blast radius estimation.
Write Kani bounded model checker proofs for Solana and Rust programs
Harness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Core skills library for Claude Code: TDD, debugging, collaboration patterns, and proven techniques
Plugin-safe Claude Code distribution of Agentic Awesome Skills with 1,913 supported skills.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Tools to maintain and improve CLAUDE.md files - audit quality, capture session learnings, and keep project memory current.
A growing collection of Claude-compatible academic workflow bundles. Covers scientific figures, manuscript writing and polishing, reviewer assessment, citation retrieval, data availability, paper reading, literature search, response letters, paper-to-PPTX conversion, and evidence-grounded Chinese invention patent drafting. Rules are organized as reusable skill folders with explicit workflows and quality checks.