claude-ai-cyber-security-skills
30 Claude Code Skills + 60+ integrated tools for HackerOne/Bugcrowd bug bounty hunters
30 plug-in skills for Claude Code that walk security researchers through every phase of a bug bounty engagement, from recon and vulnerability testing to writing final reports.
Claude CyberSecurity Skills is a collection of 30 plug-in routines for Claude Code, the AI coding assistant from Anthropic, designed to help security researchers who hunt for vulnerabilities through bug bounty platforms like HackerOne and Bugcrowd. Rather than being a list of tools or a methodology document, it wires existing security tools into Claude so that describing a task in plain English kicks off a structured sequence of steps.
The 30 skills cover five phases of a typical bug bounty engagement. The pre-hunt phase includes skills for choosing which program to target, parsing its scope rules, and building a threat model. The recon phase handles subdomain discovery, finding live hosts, identifying what technology a target runs, pulling endpoints from JavaScript files, and fuzzing for hidden directories. A large middle section covers 15 specific vulnerability classes: IDOR (unauthorized access to other users' data), authentication bypass, account takeover chains, cross-site scripting, SQL injection, SSRF (making a server fetch internal resources), template injection, file upload bypasses, GraphQL weaknesses, JWT attacks, OAuth flaws, race conditions, subdomain takeover, cache poisoning, and HTTP request smuggling. Three additional skills target newer areas: AI application security, Android app analysis, and cloud storage misconfigurations. The final two skills produce formatted bug reports for HackerOne and Bugcrowd.
In practice, you install the skills into Claude Code's configuration directory, and Claude picks up the right skill based on the phrases you use when describing a task. For example, saying "test SSRF" triggers the SSRF skill, which knows which tools to use and what validation checks to run before recommending you file a report.
The repository also includes shared payload lists for common attack types, custom rule sets for two scanning tools (Nuclei and Semgrep), multi-step playbooks for sequences like finding SSRF and escalating it to remote code execution, and report templates for three bug bounty platforms.
Installation is available via a shell script for Linux or WSL, a PowerShell script for Windows, or a Docker image that comes with the security tools pre-installed.
Where it fits
- Automate subdomain discovery and live host identification during a bug bounty recon phase.
- Test a target for 15 vulnerability classes, including SSRF, XSS, and SQL injection, using structured playbooks.
- Generate properly formatted bug reports ready to submit to HackerOne or Bugcrowd.
- Analyze Android apps and cloud storage buckets for security misconfigurations.