Summary
Teaches Claude to exploit PHP's loose comparison operators and type coercion rules, the kind of stuff that shows up in legacy codebases and CTF challenges. When you hit authentication or token validation that uses `==` instead of `===`, this walks through magic hash collisions (like `md5('240610708') == md5('QNKCDZO')` both evaluating to 0e scientific notation), HMAC bypass via numeric coercion, and classic tricks like passing arrays to `strcmp`. Includes version-specific behavior across PHP 5, 7, and 8, since `0 == "foo"` changed semantics. The routing is sharp: it tells Claude to check for loose equality sinks first, then map to the right payload table. Honestly most useful for security audits and explaining why `hash_equals` exists, but the reference tables alone are worth keeping around.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill type-juggling --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →First SeenJun 3, 2026
