By HacktronAI
Validate and triage Hacktron security findings against source code and a live deployment, distinguishing true from false positives, adjusting severity, and committing fixes or updating finding states via the Hacktron API.
Community-maintained skills for offensive and defensive security capabilities. Built for security researchers, engineers, and bug hunters.
Skills extend AI agents with specialized security capabilities. When enabled, skills provide domain-specific instructions, scripts, and references that help agents perform complex security tasks.
This repository follows the Agent Skills specification.
This repo is also a Claude Code plugin marketplace. Each skill is installable as a plugin.
```
# Register the marketplace
/plugin marketplace add HacktronAI/skills
# Browse and install from the menu
/plugin menu
# Or install a specific skill directly
/plugin install finding-triage@hacktron
```
Install from a local clone instead:
```
git clone https://github.com/HacktronAI/skills.git
# From the parent directory of the clone
/plugin marketplace add ./skills
/plugin install finding-triage@hacktron
```
```
# Pull the skills registry
hacktron skills pull
# List available skills
hacktron skills list
# Enable a skill
hacktron skills enable patch-diff-analyzer
# Disable a skill
hacktron skills disable patch-diff-analyzer
```
Skills are automatically discovered and can be enabled/disabled from the extension settings.
| Skill | Description | Sources |
|---|---|---|
| finding-triage | Interactively triage Hacktron findings against source (and optionally a live deployment), then fix + commit confirmed issues or set their state in Hacktron | - |
| patch-diff-analyzer | Reverse-engineer compiled binaries (JARs, DLLs) to analyze security patches | - |
Skills from other repositories that follow the Agent Skills specification can be used with Hacktron:
To use skills from other repositories, manually copy them into `~/.hacktron/skills/`:
```
# Copy individual skills from other repos
cp -r /path/to/other-repo/skill-name ~/.hacktron/skills/
```
Security Warning: Skills can execute arbitrary commands on your machine. Always review the `SKILL.md` and any scripts before adding skills from third-party sources. Only the official HacktronAI/skills repository is reviewed and validated for security.
Note: The `hacktron skills pull` command only pulls from the official HacktronAI/skills repository. Third-party skills must be manually copied to ensure users consciously review what they're installing.
Skills follow the Agent Skills specification. Each skill is a directory containing:
```
skill-name/
├── SKILL.md       # Required - YAML frontmatter + instructions
├── scripts/       # Optional - executable scripts
├── references/    # Optional - additional documentation
└── assets/        # Optional - templates, data files
```
```
---
name: skill-name
description: What the skill does and when to use it.
license: MIT
compatibility: Required tools or environment
metadata:
  author: your-name
  version: "1.0.0"
---
# Skill Name
Instructions for the agent...
```
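A structural pre-check for the manual copy step covered by the security warning above, as an added example that is not part of the HacktronAI repository: it confirms `SKILL.md` and its frontmatter are present, rejects symlinks, and lists the files to read before copying. `review_skill`, `frontmatter` and `make_sample` are hypothetical names, and treating `name` and `description` as the minimum frontmatter keys is an assumption.

```shell
#!/bin/sh
# Added example: structural pre-check before copying a third-party skill.
# Assumption: `name` and `description` are the minimum frontmatter keys.

# Print the YAML frontmatter: the lines between the first two '---' lines.
frontmatter() {
    awk 'NR==1 && $0!="---" {exit} NR>1 && $0=="---" {exit} NR>1' "$1"
}

# review_skill DIR: return 1 on a structural problem, else list what a
# human still has to read and return 0. It does not judge script content.
review_skill() {
    dir=${1%/}
    [ -f "$dir/SKILL.md" ] || { echo "FAIL: no SKILL.md in $dir"; return 1; }
    fm=$(frontmatter "$dir/SKILL.md")
    for key in name description; do
        printf '%s\n' "$fm" | grep -q "^$key: *[^ ]" ||
            { echo "FAIL: frontmatter lacks '$key'"; return 1; }
    done
    # A symlink can reference files outside the directory you reviewed.
    links=$(find "$dir" -type l)
    [ -z "$links" ] || { echo "FAIL: symlinks: $links"; return 1; }
    echo "Read before installing:"
    echo "  $dir/SKILL.md"
    # Everything under scripts/, plus any file with the owner execute bit.
    find "$dir" -type f \( -path "$dir/scripts/*" -o -perm -100 \) |
        sed 's/^/  /'
}

# Constructed sample skill (not a real one) so the check runs offline.
make_sample() {
    mkdir -p "$1/scripts"
    printf '%s\n' '---' 'name: demo-skill' \
        'description: Constructed sample.' '---' '# Demo' > "$1/SKILL.md"
    printf '#!/bin/sh\necho hi\n' > "$1/scripts/run.sh"
}

tmp=$(mktemp -d)
make_sample "$tmp/demo-skill"
review_skill "$tmp/demo-skill"
rm -rf "$tmp"
```

A zero exit status only means the layout is sane; the listed files still need to be read by a person before the `cp -r` step.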
```
hacktron skills enable your-skill
```
All skills are reviewed for security before being merged.
MIT
```
npx claudepluginhub hacktronai/skills --plugin finding-triage
```