From cybersec-toolkit
Generates a structured markdown writeup for any completed security workflow (CTF, bug bounty, CVE, DFIR, pentest, etc.) following project conventions.
Slash command: `/cybersec-toolkit:writeup-template`
This is **MANDATORY** after every substantive security workflow per `CLAUDE.md`.
Writeups MUST pass markdownlint.
writeups/<category>/<descriptive-case-name>.md
Examples:
- `writeups/ctf/htb-pilgrimage.md`
- `writeups/bug-bounty/example-idor.md`
- `writeups/cve/CVE-2024-xxxx-reproduction.md`
- `writeups/dfir/suspicious-powershell-investigation.md`
- `writeups/guided-assessment/example-web-recon.md`

If the directory doesn't exist, create it.
# <Challenge Name>
**Platform/Program:** HTB / TryHackMe / CTF Name / Bug Bounty Program / Lab / Internal Scope
**Category:** Web / Pwn / Crypto / Forensics / CVE / DFIR / Cloud / Mobile / Network / Guided Assessment
**Difficulty/Severity:** Easy / Medium / Hard / Insane / Low / Medium / High / Critical
**Date:** YYYY-MM-DD
## Context / Scope
[What was being investigated and what was authorized.]
## Recon / Analysis
[What we discovered during initial enumeration or analysis. Include exact commands and trimmed output.]
## Exploitation / Validation
[Step-by-step attack path, validation path, exact commands, exact payloads, and exact flags.]
## Dead Ends
[Approaches that didn't work and why. So we don't repeat the mistake.]
## Finding / Result
[The flag, vulnerability, conclusion, or operational result. Do NOT paste credentials.]
## Tools Used
[Bullet list of tools that were key to the solve.]
## Lessons Learned
[1-3 bullets on what to remember next time.]
## Cleanup / Safety Notes
[Cleanup performed, sensitive data handling, or safety notes where relevant.]
we or passive voice. Examples: "Ran nmap", "The binary was stripped", "Found SQLi in the login endpoint".

Default project config at `.markdownlint.jsonc`. Common issues to avoid:

#, not ===)

Run before considering done:
npx markdownlint-cli2 "writeups/**/*.md"
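markdownlint checks formatting, not whether a writeup follows the template. A structural check for that, as an added example that is not part of cybersec-toolkit: the function name `check_writeup`, the path pattern (inferred from the example paths above) and the credential heuristic are assumptions, and the sample writeup is constructed.

```python
import re

# Section headings and metadata fields taken from the template on this page.
REQUIRED_SECTIONS = [
    "Context / Scope", "Recon / Analysis", "Exploitation / Validation",
    "Dead Ends", "Finding / Result", "Tools Used", "Lessons Learned",
    "Cleanup / Safety Notes",
]
REQUIRED_FIELDS = ["Platform/Program", "Category", "Difficulty/Severity", "Date"]
# Assumption: path shape inferred from the page's example paths.
PATH_RE = re.compile(r"^writeups/[a-z0-9-]+/[A-Za-z0-9._-]+\.md$")
# Assumption: a rough heuristic for pasted secrets, not a project rule.
SECRET_RE = re.compile(
    r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*\S+"
    r"|-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Constructed sample: a conforming writeup built from the template headings.
SAMPLE = ("# Example IDOR\n\n**Platform/Program:** Lab\n**Category:** Web\n"
          "**Difficulty/Severity:** Medium\n**Date:** 2024-01-15\n\n"
          + "".join(f"## {s}\n\nNotes.\n\n" for s in REQUIRED_SECTIONS))


def check_writeup(path, text):
    """Return a list of problems; an empty list means the writeup conforms."""
    problems = []
    if not PATH_RE.match(path):
        problems.append(f"path does not match writeups/<category>/<name>.md: {path}")
    lines = text.splitlines()
    if not lines or not re.match(r"^# \S", lines[0]):
        problems.append("first line must be an ATX H1 title")
    for field in REQUIRED_FIELDS:
        m = re.search(rf"^\*\*{re.escape(field)}:\*\*[ \t]*(.*)$", text, re.M)
        if not m or not m.group(1).strip():
            problems.append(f"missing metadata field: {field}")
        elif field == "Date" and not re.fullmatch(r"\d{4}-\d{2}-\d{2}", m.group(1).strip()):
            problems.append("Date is not YYYY-MM-DD")
    # Headings must all be present and appear in template order.
    found = [l[3:].strip() for l in lines if l.startswith("## ")]
    present = [s for s in found if s in REQUIRED_SECTIONS]
    for section in REQUIRED_SECTIONS:
        if section not in present:
            problems.append(f"missing section: {section}")
    if present != [s for s in REQUIRED_SECTIONS if s in present]:
        problems.append("sections are out of template order")
    # "Do NOT paste credentials": scan only the Finding / Result body.
    m = re.search(r"^## Finding / Result\n(.*?)(?=^## |\Z)", text, re.M | re.S)
    if m and SECRET_RE.search(m.group(1)):
        problems.append("possible credential in Finding / Result")
    return problems
```

Call `check_writeup(path, open(path).read())` for each file under `writeups/` alongside the markdownlint run; a non-empty list means the writeup needs fixing.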
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit