# SecSkills
Collect and organize skills related to penetration testing, code auditing, CTF, and other network security-related skills.
<br/><br/><br/>

| Category | Count |
|------|------|
| Code Audit | 12 |
| Penetration testing and vulnerability scanning | 13 |
| JS reverse | 2 |
| Skills inspection | 2 |
| Sample analysis | 1 |
| Emergency response | 1 |
| Mobile security | 2 |
| CTF | 1 |
| Red and blue confrontation | 1 |
| Reverse engineering | 1 |
| Report writing | 1 |
| Domain penetration | 1 |
| Entertainment | 12 |
| WeChat mini program audit | 1 |
| MCP | 1 |
| Security research | 1 |

A total of 53 items
# Security Related
| Name | Description | Link |
|------|------|------|
| java-audit-skills | A collection of Claude Skills focused on Java code auditing, providing automated source code analysis, routing extraction, parameter mapping, and other functions to assist security researchers and developers in conducting security audits of Java Web applications. | [java-audit-skills](https://github.com/RuoJi6/java-audit-skills) |
| PHP Code Audit Skill | This repository is a set of white-box code security audit skills for PHP web applications, covering the entire process from "route enumeration → authentication modeling → data flow tracking → per-category vulnerability audit → evidence consistency verification → report summary"; it can be run in environments such as Cursor by having an Agent execute the SKILL documents. | [PHP-Code-Audit-Skill](https://github.com/0xShe/PHP-Code-Audit-Skill) |
| skill-dfyx_code_security_review | dfyx_code_security_review is a professional code security audit skill designed for Claude Code, Trae, and other AI clients. It adopts a white-box static analysis methodology and conducts a systematic discovery and verification of security vulnerabilities in source code through a five-stage standardized audit protocol. | [skill-dfyx_code_security_review](https://github.com/EastSword/skill-dfyx_code_security_review) |
| PHP_AUDIT_SKILLS | A multi-agent collaborative security audit framework based on Claude Code Agent Teams, covering environment construction, static reconnaissance, dynamic tracking, deep confrontation and utilization, post-penetration association analysis, and report closure, supporting expert-level audits for 21 types of vulnerabilities. | [PHP_AUDIT_SKILLS](https://github.com/yunmengya/PHP_AUDIT_SKILLS) |
| java-audit-skill | A professional Java code audit skill | [java-audit-skill](https://github.com/AuroraProudmoore/java-audit-skill) |
| zh-audit-skills-hub | A repository of OpenClaw code audit Agent Skills for Chinese users. | [zh-audit-skills-hub](https://github.com/youki992/zh-audit-skills-hub) |
| IDA Skill for AI Agent | Let AI Agent analyze malicious samples like a security analyst | [IDA-Skill](https://github.com/miunasu/IDA-Skill) |
| CLS-Certify | Possibly the best skill security inspection skill, produced by CocoLoop. | [cls-certify](https://github.com/CatREFuse/cls-certify) |
| Sec-Skills | Large model skills related to network security | [Sec-Skills](https://github.com/boqiqibo/Sec-Skills) |
| Anna Agent Skills | A professional skill set for AI programming assistants (Windsurf/Cursor), covering full-stack development, security confrontation, reverse engineering, and other fields. | [anna-agent-skills](https://github.com/crispvibe/anna-agent-skills) |
| LinuxGun-skill | Linux security emergency response AI inspection skill | [LinuxGun-skill](https://github.com/sun977/LinuxGun-skill) |
| SkillGuard | OpenClaw skill security inspection tool | [SkillGuard](https://github.com/Fangwenky/SkillGuard) |
| secknowledge-skill | A security testing expert skill for Claude Code / Cursor, condensing 88,636 real vulnerability cases, 5,600+ security research documents, 150 AI security risks, OWASP LLM/ASI/WSTG, and 200+ common security test cases into an immediately callable penetration testing knowledge base. | [secknowledge-skill](https://github.com/Pa55w0rd/secknowledge-skill) |
| skill-audit-skills | Claude Skills security audit tool - preventing supply chain poisoning risks | [skill-audit-skills](https://github.com/LeeFeee/skill-audit-skills) |
| android-h1 | Mobile security vulnerability mining expert SKILL, based on HackerOne real reports, providing knowledge base for Android and iOS application vulnerability mining, technical details, and code pattern analysis. | [android-h1](https://github.com/s7safe/android-h1) |
| SkillSemgrep | Claude Code security scanning skill: scan vulnerabilities with a single Chinese sentence, powered by Semgrep | [SkillSemgrep](https://github.com/KimYx0207/SkillSemgrep) |
| FlowDroidSkill | An automated APK security analysis tool based on FlowDroid and Jadx, capable of conducting static taint analysis on APKs, detecting potential data leakage paths, and generating detailed security reports with real source code context. | [FlowDroidSkill](https://github.com/Tr0e/FlowDroidSkill) |
| ctf-skills | Agent skills for solving CTF challenges - web vulnerability exploitation, binary file cracking, encryption, reverse engineering, forensics, open-source intelligence (OSINT), etc. | [ctf-skills](https://github.com/ljagiello/ctf-skills) |
| threat-modeling | AI-native automated software risk analysis skill, adopting a large language model (LLM)-driven, code-first approach for comprehensive security risk assessment, threat modeling, security testing, penetration testing, and compliance checks. | [threat-modeling](https://github.com/fr33d3m0n/threat-modeling) |
| pentest-skills | Leave behind complex command lines and complete professional penetration testing with natural language. Simply describe the test target, and Claude Code will automatically select the appropriate tools, execute commands, and analyze results. | [pentest-skills](https://github.com/crazyMarky/pentest-skills) |
| AutoSongshu Agent (自动松鼠) | AutoSongshu is an automated web penetration testing auxiliary agent. It aims to provide security engineers with a "semi-autonomous" penetration testing workbench through large language model (LLM) reasoning capabilities, combined with browser automation and security scanning tools. | [AutoSongshu Agent](https://github.com/Cian233/AutoSongshu) |
| sec-skills | Security research skills repository, focusing on defensive security research toolsets. | [sec-skills](https://github.com/Rvn0xsy/sec-skills?tab=readme-ov-file) |
| Code Audit | Professional white-box code security audit skills, covering 55+ vulnerability types, dual-track audit model, and multi-agent deep analysis. | [Code Audit](https://github.com/3stoneBrother/code-audit/blob/main/README_CN.md) |
| hello_js_reverse_skill | A skill for reverse analysis and anti-crawler scenarios, building a single workflow around camoufox-reverse MCP: first, use the Camoufox anti-detection browser to complete network capture, source code location, hook debugging, and anti-detection verification, then reconstruct the algorithm in Node.js or Python and automate calls as needed. | [hello_js_reverse_skill](https://github.com/WhiteNightShadow/hello_js_reverse_skill) |
| JS Reverse MCP | JavaScript reverse engineering MCP server, allowing your AI coding assistant (like Claude, Cursor, Copilot) to debug and analyze JavaScript code in web pages. | [JS Reverse MCP](https://github.com/zhizhuodemao/js-reverse-mcp/tree/main) |
| reverse-skills | Reverse Engineering Skills: a plugin marketplace for Claude Code providing reverse engineering analysis skills. | [reverse-skills](https://github.com/P4nda0s/reverse-skills) |
| ghsa-skill-builder | Let Claude automatically convert GitHub public vulnerability databases and HackerOne Bug Bounty reports into structured security skills (Skills) for code auditing/penetration testing. | [ghsa-skill-builder](https://github.com/yhy0/ghsa-skill-builder) |
| dfyx_skills_lab | A security report writing assistant: an intelligent report generation tool focused on the cybersecurity field, capable of automatically generating industry-standard vulnerability analysis reports based on vulnerability numbers, names, or security scanning tool reports. | [dfyx_skills_lab](https://github.com/EastSword/dfyx_skills_lab/tree/main/security_reporter) |
| skill-dfyx_code_security_review | dfyx_code_security_review is a professional code security audit skill designed for Claude Code, Trae, and other AI clients. It adopts a white-box static analysis methodology and conducts a systematic discovery and verification of security vulnerabilities in source code through a five-stage standardized audit protocol. | [skill-dfyx_code_security_review](https://github.com/EastSword/dfyx_skills_lab/tree/main/skill-dfyx_code_security_review) |
| pentest-skills | Automated penetration agent skills | [pentest-skills](https://github.com/Jumbo-WJB/pentest-skills) |
| Security Auditor | Used to review code security vulnerabilities, implement authentication processes, audit OWASP Top 10, configure CORS/CSP headers, handle keys, input validation, SQL injection protection, XSS protection, or any security-related code reviews. | [Security Auditor](https://clawhub.ai/jgarrison929/security-auditor) |
| Security Audit Toolkit | Audit codebases and infrastructure for security issues. Used to scan dependency vulnerabilities, detect hard-coded secrets, check OWASP Top 10 issues, verify SSL/TLS, audit file permissions, or review code injection and authentication vulnerabilities. | [Security Audit Toolkit](https://clawhub.ai/gitgoodordietrying/security-audit-toolkit) |
| Pentest Api Attacker | Test APIs against the OWASP API Security Top 10, including discovery, authentication abuse, and protocol-specific checks. | [Pentest Api Attacker](https://clawhub.ai/0x-professor/pentest-api-attacker) |
| Pentest Auth Bypass | Test authentication and session management controls for bypass and account takeover scenarios. | [Pentest Auth Bypass](https://clawhub.ai/0x-professor/pentest-auth-bypass) |
| Pentest Active Directory | Assess Active Directory identity attack paths, including harvesting, relaying, and delegation abuse. | [Pentest Active Directory](https://clawhub.ai/0x-professor/pentest-active-directory) |
| Nmap Pentest Scans | Plan and coordinate authorized Nmap host discovery, port and service enumeration, NSE analysis, and reporting results for targets within the scope. | [Nmap Pentest Scans](https://clawhub.ai/0x-professor/nmap-pentest-scans) |
| Security Scanner | Provide automated security scanning and vulnerability detection for web applications, APIs, and infrastructure. Use when you need to scan target vulnerabilities, check SSL certificates, find open ports, detect configuration errors, or perform security audits. Can integrate with nmap, nuclei, and other security tools. | [Security Scanner](https://clawhub.ai/dmx64/security-scanner) |
| wxmini-security-audit | Fully automated WeChat mini-program security audit skill, based on Claude Code Agent Teams. 7 agents collaborate, covering sensitive information, API interfaces, encryption analysis, and vulnerability analysis. It adopts a script + LLM dual-layer architecture: scripts ensure coverage, and the LLM ensures accuracy. | [wxmini-security-audit](https://github.com/sssmmmwww/wxmini-security-audit) |
| DeFiHackLabs-skill | Based on real attack cases and reproduction materials from DeFiHackLabs, it distills reusable vulnerability analysis processes, classification methods, and defense points to facilitate security research, auditing, and rapid problem location. | [DeFiHackLabs-skill](https://github.com/HToTH/DeFiHackLabs-skill) |
<br/>
# MCP
| Name | Description | Link |
|------|------|------|
| SO Analyzer MCP | Native library (SO file) analysis tool, supporting Flutter app packet capture. A free and open-source alternative to IDA Pro! | [SO Analyzer MCP](https://github.com/1600822305/so-analyzer-mcp) |
<br/>
# Entertainment
<br/>
| Name | Description | Link |
|------|------|------|
| colleague.skill | Distill the cold farewell into warm skills, welcome to join Cyber Eternal Life! | [colleague.skill](https://github.com/titanwings/colleague-skill) |
| nuwa.skill | Nuwa helps you distill anyone's way of thinking, letting Jobs, Musk, Munger, Feynman work for you. | [nuwa.skill](https://github.com/alchaincyf/nuwa-skill) |
| X mentor.skill | X mentor.skill - the first "non-human" work of Nuwa. Distill 6 top X creators' methodologies + open-source algorithms and data, refine a complete topic-writing-growth operation manual. Made with nuwa.skill | [X mentor.skill](https://github.com/alchaincyf/x-mentor-skill) |
| boss.skill | boss.skills. Put the boss into a token, leaving productivity liberation to yourself. | [boss.skill](https://github.com/vogtsw/boss-skills) |
| ex.skill | Distill your ex into an AI skill, using their way to talk to you. | [ex.skill](https://github.com/therealXiaomanChu/ex-skill) |
| yourself.skill | Instead of distilling others, distill yourself. Welcome to join digital eternal life! | [yourself-skill](https://github.com/notdog1998/yourself-skill) |
| blogger.skill | We want emotional value, not specific people! | [blogger.skill](https://github.com/YourongZhou/chat_with_me) |
| anti-distill Skill | Anti-distill Skill: cleans up the Skill files you were forced to write so that they look complete while the core knowledge stays with you. Anti-distillation for employee Skills. | [anti-distill Skill](https://github.com/leilei926524-tech/anti-distill) |
| cyber fortune-telling Skill | A BaZi and astrology analysis tool based on Claude Code. Collect birth information through interactive dialogue, arrange four pillars of BaZi, and refer to nine classic astrology books for professional analysis. | [cyber fortune-telling Skill](https://github.com/jinchenma94/bazi-skill) |
| Yue Lao · Marriage Calculation Skills | Claude Code marriage calculation skills - Yue Lao, using traditional Chinese numerology to help you calculate your marriage. | [Yue Lao · Marriage Calculation Skills](https://github.com/Ming-H/yinyuan-skills) |
| Numerologist Skills | This project aims to make large language models (LLMs) accurately understand and apply traditional Eastern numerology (such as Qi Men Dun Jia, Zi Wei Dou Shu). | [Numerologist Skills](https://github.com/FANzR-arch/Numerologist_skills) |
| Master-skill | A teaching role generator based on Buddhist classics. | [Master-skill](https://github.com/xr843/Master-skill) |
## Follow Us
<div align="center">
**This project is created and maintained by Dao Yi Security**
<br>
Scan the QR code to follow the public account and get more security information
<img src="gzh.png" width="2739" height="969" alt="Dao Yi Security Public Account">
</div>