Transform 4000 security reports into reusable skills for CLI agents. Use with Claude Code, Gemini CLI, or MCP-compatible agents to automate security testing. Ideal for operations teams to streamline vulnerability assessments.
git clone https://github.com/instavm/security-skills.git

Security Skills is a curated collection of specialized prompts ("skills") distilled from more than 4,000 paid HackerOne bug bounty reports. Each skill teaches an AI coding agent how to recognize one vulnerability pattern, including IDOR, SQL injection, SSRF, authentication bypass, OTP/2FA weaknesses and PII exposure, by condensing real-world attack techniques into actionable guidance. Rather than feeding the agent raw reports, each skill supplies the high-value patterns, grep/regex search methods, a testing methodology with curl examples, and severity ratings. Operations teams and security researchers use these skills with Claude Code, Gemini CLI or MCP-compatible agents to automate vulnerability assessments and streamline penetration-testing workflows.
Install with `npx skills add instavm/security-skills`, or copy individual skills into Gemini CLI. To give the agent something to analyze, start mitmproxy in recording mode (`mitmdump -w traffic.mitm`; it listens on localhost:8080 by default), configure your browser to proxy through localhost:8080, and for HTTPS targets install the mitmproxy CA certificate from http://mitm.it while proxied, otherwise TLS traffic is not decrypted. Exercise the application, then ask your AI agent to analyze the captured traffic for a specific vulnerability class or to run a full audit.
Automated IDOR and authorization vulnerability detection in web applications
SQL injection and SSRF pattern discovery during security assessments
Business logic flaw identification in payment and account systems
OTP/2FA bypass and authentication mechanism testing
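As an added illustration of what a skill asks the agent to do with the capture from the mitmproxy workflow above, for the IDOR, SSRF and OTP/2FA use cases just listed, here is a Python triage script. It is not code from the instavm/security-skills project: it applies simple regex heuristics (the kind of grep/regex method the skills describe) to a constructed set of request records and emits, for each candidate, the follow-up test a practitioner would run, including a replay curl for IDOR candidates. The sample records, hostnames, tokens and heuristic regexes are all assumptions; `load_mitm_flows` shows how the same record shape would be read from a real `traffic.mitm` with mitmproxy's `FlowReader` API, which the offline sample does not need.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample records (NOT a real capture): the fields an agent would read
# from each mitmproxy flow. Hostnames and tokens are placeholders.
SAMPLE_FLOWS = [
    {"method": "GET", "url": "https://app.example.test/api/v1/users/1042/profile",
     "headers": {"Authorization": "Bearer eyJ.sample.token"}, "body": ""},
    {"method": "GET", "url": "https://app.example.test/api/v1/invoices?invoice_id=88812&format=pdf",
     "headers": {"Cookie": "session=abc123"}, "body": ""},
    {"method": "POST", "url": "https://app.example.test/api/v1/webhooks",
     "headers": {"Authorization": "Bearer eyJ.sample.token", "Content-Type": "application/json"},
     "body": '{"callback_url": "https://hooks.example.test/notify"}'},
    {"method": "POST", "url": "https://app.example.test/auth/otp/verify",
     "headers": {"Content-Type": "application/json"},
     "body": '{"phone": "+15555550100", "code": "482913"}'},
    {"method": "GET", "url": "https://app.example.test/static/logo.png", "headers": {}, "body": ""},
]

# Heuristics (assumptions, tune per target): identifier-like query names, identifier-like
# values, URL-valued parameters, OTP verification paths and short numeric codes.
ID_PARAM = re.compile(r"(^|_)(id|uid|user|account|invoice|order|doc|file)(_id)?$", re.I)
NUMERIC_ID = re.compile(r"^\d{2,}$")
UUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
URL_PARAM = re.compile(r"url|uri|callback|redirect|webhook|next|dest|target|src", re.I)
JSON_URL = re.compile(r'"([^"]+)"\s*:\s*"(https?://[^"]+)"')
OTP_PATH = re.compile(r"/(otp|2fa|mfa|verify|confirm)(/|$)", re.I)
OTP_CODE = re.compile(r'"(code|otp|token|pin)"\s*:\s*"?(\d{4,8})"?', re.I)
OTHER_ID = "__OTHER_ID__"  # placeholder for a second test account's identifier


def is_authenticated(headers):
    names = {k.lower() for k in headers}
    return "authorization" in names or "cookie" in names


def looks_like_object_id(value):
    return bool(NUMERIC_ID.match(value) or UUID.match(value))


def idor_curl(flow, swapped_url):
    """Replay with the caller's own credentials but another user's identifier;
    a 200 carrying the other user's data (instead of 403/404) is the IDOR signal."""
    hdrs = " ".join(f"-H '{k}: {v}'" for k, v in flow["headers"].items())
    return f"curl -s -o /dev/null -w '%{{http_code}}' -X {flow['method']} {hdrs} '{swapped_url}'"


def triage(flows):
    """Return candidate findings: category, request URL, parameter, and the next test to run."""
    findings = []
    for flow in flows:
        parts = urlsplit(flow["url"])
        segments = parts.path.split("/")
        query = parse_qsl(parts.query, keep_blank_values=True)

        # IDOR: an authenticated request that names an object by identifier in path or query.
        if is_authenticated(flow["headers"]):
            for i, seg in enumerate(segments):
                if looks_like_object_id(seg):
                    path = "/".join(segments[:i] + [OTHER_ID] + segments[i + 1:])
                    findings.append({"category": "IDOR", "url": flow["url"], "param": f"path[{i}]",
                                     "test": idor_curl(flow, urlunsplit(parts._replace(path=path)))})
            for name, value in query:
                if ID_PARAM.search(name) and looks_like_object_id(value):
                    q = urlencode([(n, OTHER_ID if n == name else v) for n, v in query])
                    findings.append({"category": "IDOR", "url": flow["url"], "param": name,
                                     "test": idor_curl(flow, urlunsplit(parts._replace(query=q)))})

        # SSRF: a URL-named parameter (query or JSON body) whose value is itself a URL.
        for name, value in list(query) + JSON_URL.findall(flow["body"]):
            if URL_PARAM.search(name) and value.lower().startswith(("http://", "https://")):
                findings.append({"category": "SSRF", "url": flow["url"], "param": name,
                                 "test": "set it to a host you control (then 169.254.169.254) and "
                                         "check for an outbound fetch or a leaked response"})

        # OTP/2FA: a verification endpoint taking a short numeric code; check for rate limiting.
        code = OTP_CODE.search(flow["body"])
        if code and OTP_PATH.search(parts.path):
            findings.append({"category": "OTP", "url": flow["url"], "param": code.group(1),
                             "test": "replay with ~20 wrong codes; no 429 or lockout means brute-forceable"})
    return findings


def load_mitm_flows(path):
    """Read a real capture (mitmdump -w traffic.mitm) into the record shape used above.
    Needs the mitmproxy package; imported lazily so the constructed sample runs without it."""
    from mitmproxy import http, io
    records = []
    with open(path, "rb") as f:
        for flow in io.FlowReader(f).stream():
            if isinstance(flow, http.HTTPFlow):
                records.append({"method": flow.request.method, "url": flow.request.url,
                                "headers": dict(flow.request.headers),
                                "body": flow.request.get_text(strict=False) or ""})
    return records


if __name__ == "__main__":
    for finding in triage(SAMPLE_FLOWS):
        print(f"[{finding['category']}] {finding['param']} in {finding['url']}\n    next: {finding['test']}")
```

Running the script against the constructed sample yields four candidates (two IDOR, one SSRF, one OTP) and nothing for the static asset. The heuristics are deliberately loose: they are meant to hand the agent a short list of requests worth a manual check, not to decide severity, which still needs the replay to be run against a second account on a target you are authorized to test.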
git clone https://github.com/instavm/security-skills

Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Analyze these [SECURITY_REPORTS] and generate 5 reusable CLI skills for [COMPANY] in the [INDUSTRY] sector. Focus on [SPECIFIC_VULNERABILITY_TYPE] vulnerabilities. Ensure each skill includes a clear description, usage instructions, and example commands.
# Security Skills for Web Application Vulnerability Assessment

## Skill 1: SQL Injection Detection

**Description**: Automates SQL injection vulnerability scanning in web applications.

**Usage**:

```bash
sql_injection_scan --url [TARGET_URL] --payloads [PAYLOAD_FILE]
```

**Example**:

```bash
sql_injection_scan --url https://example.com/login --payloads sql_payloads.txt
```

## Skill 2: Cross-Site Scripting (XSS) Detection

**Description**: Identifies XSS vulnerabilities in web applications.

**Usage**:

```bash
xss_scan --url [TARGET_URL] --payloads [PAYLOAD_FILE]
```

**Example**:

```bash
xss_scan --url https://example.com/search --payloads xss_payloads.txt
```

## Skill 3: API Endpoint Security Assessment

**Description**: Evaluates the security of API endpoints for common vulnerabilities.

**Usage**:

```bash
api_security_assess --url [API_ENDPOINT] --methods [HTTP_METHODS]
```

**Example**:

```bash
api_security_assess --url https://api.example.com/users --methods GET,POST,PUT,DELETE
```