Skill

hackthebox

Automates HackTheBox platform for CTF challenges and machines: credential setup, VPN management, agent spawning for exploitation, flag submission, and Slack notifications.

Python

Bash

security

automation

npx claudepluginhub transilienceai/communitytools

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- [workflow.md](reference/workflow.md) — Complete workflow with commands. Read this for each step

Supporting Assets

reference/ai-ml-hopfield-recovery.mdreference/cloudflare-bypass.mdreference/coding-challenges-quickstart.mdreference/coordinator-spawn.mdreference/crypto-lattice-attacks.mdreference/crypto-linear-collapse.mdreference/forensics-c2-traffic-decrypt.mdreference/ics-protocols-quickstart.mdreference/logging-spec.mdreference/mobile-flutter-aot.mdreference/platform-navigation.mdreference/reversing-custom-vm.mdreference/skill-improvement.mdreference/slack-notifications.mdreference/vpn-pool-routing.mdreference/vpn-setup.mdreference/web-bridges-and-protocol-coercion.mdreference/workflow.md

SKILL.md

Similar Skills

ctf

Guides CTF challenge solving across web exploitation, pwn, reverse engineering, crypto, forensics, OSINT, stego with triage bash commands, quick wins, SQLi/LFI checklists.

akira

performing-red-team-with-covenant

Automates Covenant C2 red team operations via API: HTTP/HTTPS listener setup, launcher generation, grunt deployment, task execution, and lateral movement tracking. For authorized security assessments.

asi

hackerone

223

Automates HackerOne bug bounty workflows: parses scope CSVs, deploys parallel pentesting agents per asset, validates PoCs with poc.py and output, generates submission reports. Use for HackerOne program testing.

6 files

communitytools

Stats

Stars223

Forks44

Last CommitApr 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Workflow

workflow.md — Complete workflow with commands. Read this for each step

Steps

Get Credentials — python3 .claude/tools/env-reader.py HTB_USER HTB_PASS HTB_TOKEN ANTHROPIC_API_KEY SLACK_BOT_TOKEN HTB_SLACK_CHANNEL_ID
Only for "Machine" kind of competition -> Verify vpn is running, otherwise download the vpn file from HTB and instruct the user on how to enable it
Generate output dirs — mkdir -p YYMMDD_<name>/{recon,findings,logs,artifacts,reports} for each challenge
Login hackthebox.com
If necessary, start the machines
If necessary, check network connectivity to the machines
Spawn and manage coordinator pool — max N concurrent agents, queue-based spawning (new agent spawns when previous completes)
Post-solve Phase 3 — parent orchestrator (not coordinator) always runs /skill-update + Slack after each coordinator returns its PHASE3_SUMMARY (see workflow.md step 8)

References

workflow.md — Workflow overview with credentials, VPN, setup, and coordinator spawn
coordinator-spawn.md — Coordinator agent spawn prompt template (exploitation, flag submission, completion report, stats)
completion-report-schema.md — Challenge completion report structure & template
slack-notifications.md — Slack completion notification format & examples
platform-navigation.md — HTB site navigation guide
vpn-pool-routing.md — VPN pool isolation. Pre-flight check before spawning any machine (release_arena vs dedivip_lab vs others)
vpn-setup.md — VPN connectivity troubleshooting
cloudflare-bypass.md — Cloudflare detection evasion