Summary
This is a router skill for bug bounty and web security testing that helps you figure out what to look at first instead of spraying random payloads. It triages targets by observable behavior (input reflection, file uploads, API endpoints, auth flows) and routes you to the right specialized skill from a collection covering XSS, SQLi, SSRF, IDOR, JWT attacks, business logic flaws, and about 20 other categories. The routing table is surprisingly practical, linking things like controllable filenames to path traversal or MongoDB syntax exposure to NoSQL injection. Use it when you have a new target and need a methodical starting point, or when you want the AI to stop missing boundary conditions that matter in real engagements.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill hack --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →First SeenMay 16, 2026
