instavm/security-skills
4000 security reports transformed to Skills you can use with Claude Code / Gemini CLI etc
Deep Analysis
从4000+真实HackerOne漏洞报告中提炼的CLI Agent安全测试技能集,帮助AI代理识别Web应用安全漏洞
Core Features
Technical Implementation
- 基于4000+付费HackerOne漏洞报告的实战经验提炼
- 同时支持Claude Code和Gemini CLI两大主流Agent平台
- 授权的渗透测试和安全审计
- 参与漏洞赏金计划的安全研究
- Web应用安全教育和培训
- 仅限授权测试使用,需配合mitmproxy等流量捕获工具
- 依赖AI Agent的分析能力,结果准确性受模型影响
Security Skills for CLI Agents
A collection of security testing skills built from analyzing 4,000+ paid HackerOne bug bounty reports. These skills can be used with Claude Code, Gemini CLI, or any agent that supports MCP/Skills.
What is this?
This repo contains specialized prompts (skills) that teach AI coding agents how to find real security vulnerabilities. Instead of dumping thousands of bug reports into context, each skill distills the patterns and techniques from hundreds of real-world findings into actionable guidance.
Available Skills
| Skill | Description |
|---|---|
mitm-find-idor |
Find Insecure Direct Object Reference vulnerabilities |
mitm-find-auth |
Detect authentication and authorization issues |
mitm-find-bizlogic |
Identify business logic flaws |
mitm-find-ssrf |
Find Server-Side Request Forgery vulnerabilities |
mitm-find-sqli |
Detect SQL injection patterns |
mitm-find-otp |
Find OTP/2FA bypass vulnerabilities |
mitm-find-pii |
Identify PII exposure issues |
mitm-find-secrets |
Detect leaked secrets and API keys |
mitm-find-callback |
Find callback/webhook security issues |
mitm-find-checksum |
Identify checksum/integrity bypass opportunities |
mitm-find-enumerable |
Find enumerable endpoints and IDs |
mitm-find-insecure |
Detect insecure configurations |
mitm-find-referer |
Find referer-based vulnerabilities |
mitm-list-apis |
List and analyze captured API endpoints |
mitm-subdomains |
Analyze subdomain patterns |
mitm-security-audit |
Run comprehensive security audit |
mitm-report |
Generate security report |
Setup
For Claude Code
Copy skills to your project's .claude/skills/ directory:
mkdir -p .claude/skills
cp *.md .claude/skills/
For Gemini CLI
Copy as commands to .gemini/commands/:
mkdir -p .gemini/commands
cp *.md .gemini/commands/
Usage
-
Start mitmproxy to capture traffic:
mitmdump -w traffic.mitm --set flow_detail=3 2>&1 | tee log.txt & -
Configure your browser/app to proxy through
localhost:8080 -
Browse the target application to capture traffic
-
Ask your AI agent to analyze:
Find security issues in example.com Check for idor and auth issues Run a full security audit
How It Works
Rather than overwhelming the AI with raw bug reports, each skill contains:
- High-value patterns extracted from real bounty-winning reports
- Specific grep/regex patterns to search traffic logs
- Testing methodology with curl examples
- Severity ratings and impact assessment
- False positive guidance
Disclaimer
Only use these tools on systems you have explicit permission to test. Unauthorized security testing is illegal. These skills are intended for:
- Authorized penetration testing
- Bug bounty programs where you have permission
- Security research on your own systems
- Educational purposes
Credits
Built by analyzing 4,000+ paid bug bounty reports from HackerOne's public disclosures.
Related Skills
instavm/coderunner
instavmA secure local sandbox to run LLM-generated code using Apple containers
Secure isolation, privacy protection, multi-model support, well-designed architecture.
instavm/open-skills
instavmOpenSkills: Run Claude Skills Locally using any LLM