security-bounty-hunter

by affaan-m

security-bounty-hunter helps you find bounty-worthy vulnerabilities in repositories, with a focus on remotely reachable, user-controlled issues that are likely to survive triage. Use it for Security Audit work when you want practical reportable findings instead of noisy local-only concerns.

Stars156.3k

Favorites0

Comments0

AddedApr 15, 2026

CategorySecurity Audit

Install Command

npx skills add affaan-m/everything-claude-code --skill security-bounty-hunter

Curation Score

This skill scores 68/100, which means it is listable and likely useful for agents doing bounty-oriented security triage, but users should expect moderate workflow gaps. The repository clearly narrows the task to remotely reachable, bounty-worthy issues and gives concrete vulnerability patterns, yet it lacks supporting files and a full end-to-end operational scaffold that would make installation decisions easier.

68/100

Strengths

Strong task focus on bounty-relevant, remotely reachable vulnerabilities instead of broad theoretical review.
Concrete in-scope patterns with CWE mappings and typical impact help an agent target useful findings quickly.
Clear 'When to Use' guidance makes the trigger more actionable for disclosure and bounty workflows.

Cautions

No scripts, references, resources, or install command, so operational support and reproducibility are limited.
The truncated 'Skip These' section and lack of auxiliary files leave some edge-case handling and execution details unclear.

Security Audit Github Code Vulnerability Discovery

Overview

Overview of security-bounty-hunter skill

security-bounty-hunter is a focused skill for finding bounty-worthy vulnerabilities in real repositories, with an emphasis on issues that are remotely reachable, user-controlled, and likely to survive triage. It is best for people doing Security Audit work who need more than a generic “look for bugs” prompt and want a workflow that favors reportable findings over noisy, local-only concerns.

What it is built to find

The security-bounty-hunter skill prioritizes exploitable paths such as SSRF, auth bypass, SQL injection, command injection, path traversal, remote deserialization, upload-to-RCE chains, and auto-triggered XSS. That makes it useful when the real question is whether a finding can support a responsible disclosure or bounty submission.

Who should use it

Use this security-bounty-hunter skill if you are reviewing an app, package, or API and need fast triage on whether there is a plausible security report. It is especially useful for researchers, red teamers, bug bounty hunters, and engineers checking whether a codebase has high-impact exposure.

What makes it different

The main value is judgment: it pushes the model to ignore patterns that are technically unsafe but unlikely to matter in an actual submission. That keeps attention on reachable attack paths, exploitability, and impact, which is what usually blocks a bounty from being accepted.

How to Use security-bounty-hunter skill

Install and activate it

Use the security-bounty-hunter install command in your skill manager, then point it at the repository you want assessed. The key is to frame the task as a security audit with a bounty lens, not as a broad code review.

Give it the right input

Start with a concrete target, scope, and goal. Strong prompts look like: “Audit this Node API for remotely reachable bugs that could qualify for a bounty; prioritize auth bypass, injection, file access, and SSRF; ignore style issues and low-impact local-only findings.” That input helps the skill make the same tradeoffs a bounty reviewer would make.

Read the right files first

Begin with SKILL.md, then inspect README.md, AGENTS.md, metadata.json, and any rules/, resources/, references/, or scripts/ folders if they exist. For this repository, the key source is SKILL.md; there are no extra support folders, so most of the useful guidance comes from the skill body itself.

Use a workflow that narrows quickly

A good security-bounty-hunter usage flow is: identify the app surface, locate trust boundaries, trace user input into sensitive operations, and then test whether the path is reachable without privileged access. Ask for “bounty-worthiness” explicitly so the output weighs exploitability, exposure, and submission value, not just theoretical weakness.

security-bounty-hunter skill FAQ

Is security-bounty-hunter only for advanced auditors?

No. It is beginner-friendly if you already know the target stack or can describe the repository clearly. The skill does the most work when you give it a specific codebase and ask it to focus on practical exploit paths rather than abstract hardening advice.

How is this different from a normal prompt?

A normal prompt often produces a broad checklist. The security-bounty-hunter skill is narrower: it biases analysis toward findings that are remotely reachable, impactful, and more likely to be accepted in Security Audit or bug bounty contexts.

When should I not use it?

Do not use it when you want general secure coding guidance, compliance review, or a full architecture assessment. It is also a poor fit if you need exhaustive coverage of every minor issue instead of a ranked search for reportable vulnerabilities.

Will it work on any repository?

It works best on web apps, APIs, services, and codebases with clear request handling or data flows. It is less useful on static content, tiny utilities, or repos where there is no realistic attack surface to audit.

How to Improve security-bounty-hunter skill

Give stronger scope and constraints

The best security-bounty-hunter results come from specifying what matters: target language, entry points, auth model, deployment context, and what counts as in scope. For example, “Review only internet-facing endpoints and ignore internal-only admin tooling” produces better prioritization than a vague “find vulnerabilities.”

Ask for report-ready output

If you want a useful Security Audit result, request evidence, exploitability, impact, and why the issue is bounty-worthy. That encourages the skill to explain attack paths instead of just naming CWE labels.

Provide code paths, not just a repo name

If you already know suspicious files, handlers, or routes, include them in the prompt. A prompt like “Inspect src/routes/upload.ts and anything it calls for path traversal or SSRF” is much stronger than asking the model to search blindly.

Iterate on the first pass

Use the first output to prune low-value leads, then ask for deeper validation on the best candidates. The most common failure mode is overbroad scanning; the best fix is to narrow the search to one attack class, one trust boundary, or one endpoint family at a time.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

audit-website

by squirrelscan

The audit-website skill uses the squirrel CLI to audit websites and webapps across 230+ rules for SEO, technical, content, performance, security, links, and site health, then returns actionable LLM-ready reports.

UX Audit

Favorites 0GitHub 68

skill-comply

by affaan-m

skill-comply is a compliance-testing skill that checks whether an agent follows a skill, rule, or agent definition in real runs. It generates specs from markdown, runs three prompt strictness levels, classifies tool-call timelines, and reports compliance rates with evidence. Useful for skill-comply for Compliance Review.

Compliance Review

Favorites 0GitHub 156.3k

security-scan

by affaan-m

The security-scan skill audits your Claude Code .claude/ configuration for secrets, risky MCP setup, injection-prone instructions, dangerous bypass flags, and weak agent or hook definitions using AgentShield. Use it for repeatable security checks before committing or onboarding.

Security Audit

Favorites 0GitHub 156.3k

perl-security

by affaan-m

perl-security helps you review Perl code for safer input handling, taint mode, shell execution, DBI placeholders, and web security issues like XSS, SQLi, and CSRF. Use this perl-security skill for Security Audit work, remediation planning, and secure development when user-controlled data reaches sensitive sinks.

Security Audit

Favorites 0GitHub 156.2k

laravel-security

by affaan-m

The laravel-security skill is a practical Laravel security checklist for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment. Use it for audits, feature reviews, and hardening work in Laravel apps.

Security Audit

Favorites 0GitHub 156.2k

healthcare-eval-harness

by affaan-m

healthcare-eval-harness is a patient safety evaluation harness for healthcare app deployments. It helps teams verify CDSS accuracy, PHI exposure, data integrity, clinical workflow behavior, and integration compliance before release. Critical failures block deployment, making it useful for healthcare-eval-harness for Model Evaluation and CI safety gates.

Model Evaluation

Favorites 0GitHub 156.2k

github-ops

by affaan-m

github-ops is a GitHub operations skill for triaging issues, managing PRs, checking CI failures, preparing releases, and monitoring repository health with the gh CLI. Use the github-ops skill when you need repeatable github-ops usage for a real repository, with auth via gh auth login and clear repo context.

Github

Favorites 0GitHub 156.2k

ecc-tools-cost-audit

by affaan-m

ecc-tools-cost-audit is an evidence-first audit skill for ECC Tools cost spikes, runaway PR creation, quota bypass, premium-model leakage, and duplicate jobs. Use it for Backend Development investigations that trace a request from webhook to worker to billing decision and prove where spend is being created.

Backend Development

Favorites 0GitHub 156.1k

defi-amm-security

by affaan-m

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

Security Audit

Favorites 0GitHub 156.1k

code-reviewer

by Shubhamsaboo

code-reviewer is an AI code review skill that follows a strict review order: security, performance, correctness, and maintainability. It uses rule files for SQL injection, XSS, N+1 queries, error handling, naming, and type hints, making PR reviews more consistent than a generic review prompt.

Code Review

Favorites 0GitHub 104.2k

stride-analysis-patterns

by wshobson

stride-analysis-patterns helps agents run a structured STRIDE threat-modeling pass for architectures, APIs, and data flows. Install from the wshobson/agents repo, read the SKILL.md file, and use it to turn system descriptions into categorized threats and control-focused review output.

Threat Modeling

Favorites 0GitHub 32.6k

anti-reversing-techniques

by wshobson

anti-reversing-techniques is a reverse-engineering skill for authorized malware analysis, CTF work, packed binary triage, and security audits. It helps you identify anti-debugging, anti-VM, packing, and obfuscation patterns, then choose a practical analysis workflow using the core skill and advanced reference.

Security Audit

Favorites 0GitHub 32.6k

k8s-security-policies

by wshobson

k8s-security-policies helps teams draft Kubernetes NetworkPolicy, Pod Security Standards labels, and RBAC patterns using repo-backed templates and references for hardening and audit-ready rollout planning.

Security Audit

Favorites 0GitHub 32.6k