0X6C7879/ctf-writeup
skills/ctf-writeup/SKILL.md
Generates a single standardized submission-style CTF writeup for competition handoff and organizer review. Use after solving a CTF challenge to document the solution steps, tools used, and lessons learned in a structured format.
$ install --global
skillsauthnpx skillsauth add 0X6C7879/aegissec ctf-writeupInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 4:45 AM148.5s1 file scanned
SKILL.md
- name:
- ctf-writeup
- description:
- Generates a single standardized submission-style CTF writeup for competition handoff and organizer review. Use after solving a CTF challenge to document the solution steps, tools used, and lessons learned in a structured format.
- license:
- MIT
- compatibility:
- Requires filesystem-based agent (Claude Code or similar) with bash and Python 3.
- allowed-tools:
- Bash Read Write Edit Glob Grep Task WebFetch WebSearch
- user-invocable:
- true
- argument-hint:
- [challenge-name]
CTF Write-up Generator
Generate a standardized submission-style CTF writeup for a solved challenge.
Default behavior:
- During an active competition, optimize for speed, clarity, and reproducibility
- Keep writeups short enough that a teammate or organizer can validate the solve quickly
- Always produce a
submission-style writeup - Prefer one complete solve script from challenge data to final flag
Workflow
Step 1: Gather Information
Collect the following from the current session, challenge files, and user input:
- Challenge metadata — name, CTF event, category, difficulty, points, flag format
- Solution artifacts — exploit scripts, payloads, screenshots, command output
- Timeline — key steps taken, dead ends, pivots
# Scan for exploit scripts and artifacts
find . -name '*.py' -o -name '*.sh' -o -name 'exploit*' -o -name 'solve*' | head -20
# Check for flags in output files
grep -rniE '(flag|ctf|eno|htb|pico)\{' . 2>/dev/null
Step 2: Generate Write-up
Write the writeup file as writeup.md (or writeup-<challenge-name>.md) using the submission template below.
Templates
Submission Format
---
title: "<Challenge Name>"
ctf: "<CTF Event Name>"
date: YYYY-MM-DD
category: web|pwn|crypto|reverse|forensics|osint|malware|misc
difficulty: easy|medium|hard
points: <number>
flag_format: "flag{...}"
author: "<your name or team>"
---
# <Challenge Name>
## Summary
<1-2 sentences: what the challenge was and the core technique. Keep it direct.>
## Solution
### Step 1: <Action>
<Explain the key observation in 3-8 short lines. Keep it direct.>
\`\`\`python
<one complete solving script from provided challenge data to printing the final flag>
\`\`\`
### Step 2: <Action> (optional)
<Only add this when a second short step genuinely helps readability, such as separating the core observation from final verification.>
### Step 3: <Action> (optional)
<Use only if the challenge really needs it. Keep the total number of steps small.>
## Flag
\`\`\`
flag{example_flag_here}
\`\`\`
Guidance:
- Prefer 1-3 short steps total
- Keep code to the smallest complete solving script
- Do not split "recover secret", "derive key", and "decrypt flag" into separate partial snippets
- The script should start from the challenge data and end by printing the flag
- Avoid long background sections
- Avoid dead ends unless they explain a key pivot
- Avoid multiple alternative solves; pick one clean path
- Redact the flag only if the user explicitly asks for redaction
Best Practices Checklist
Before finalizing the writeup, verify:
- [ ] Metadata complete — title, CTF, date, category, difficulty, points, author all filled
- [ ] Flag handling matches request — keep the real flag unless the user asked for redaction
- [ ] Reproducible steps — a reader can follow your writeup and reproduce the solution
- [ ] Code is runnable — exploit scripts include all imports, correct variable names, and comments
- [ ] No sensitive data — no real credentials, API keys, or private infrastructure details
- [ ] Length stays concise — the writeup is short enough for fast review
- [ ] Tools and versions noted — mention specific tool versions if behavior depends on them
- [ ] Proper attribution — credit teammates, referenced writeups, or tools that were essential
- [ ] Grammar and formatting — consistent heading levels, code blocks have language tags
Quality Guidelines
DO:
- Explain just enough for fast verification
- Include one complete solving path, not multiple alternative routes
- Include one complete script that goes all the way to the final flag
- Show actual output (truncated if very long) to prove the approach worked
- Tag code blocks with language (
python,bash,sql, etc.) - Keep the main path front-loaded so a reader can validate it quickly
DON'T:
- Copy-paste raw terminal dumps without explanation
- Paste several partial snippets that force the reader to reconstruct the final solve
- Leave placeholder text in the final writeup
- Include irrelevant tangents that don't contribute to the solution
- Assume the reader knows the specific challenge setup
Challenge
$ARGUMENTS
Related Skills
0X6C7879/wooyun-legacy
development
VerifiedTrustedCommunity
WooYun-derived business-logic testing methodology for web apps and APIs. Use when the request involves 支付、退款、订单、越权、认证、授权、价格篡改或业务流程绕过 review, especially black-box probing for price tampering, account takeover, and process bypass flaws.
2SKILL.mdUpdated Apr 28, 2026
0X6C7879/windows-privilege-escalation
tools
VerifiedTrustedCommunity
Escalate privileges on Windows systems using service misconfigurations, DLL hijacking, token manipulation, UAC bypasses, registry exploits, and credential dumping. Use when performing Windows post-exploitation or privilege escalation.
2SKILL.mdUpdated Apr 28, 2026
0X6C7879/tunnel
development
VerifiedTrustedCommunity
Use when performing AD pentest tunneling and pivoting, especially with Ligolo-ng, Chisel, frp, proxychains, SSH forwarding, SOCKS relays, reverse tunnels, or when internal reachability is the main blocker.
2SKILL.mdUpdated Apr 28, 2026
0X6C7879/threat-modeling
development
VerifiedTrustedCommunity
Threat model, security audit, find vulnerabilities, check security of my app, risk assessment, penetration test prep, analyze attack surface, what could an attacker exploit. Use this skill whenever a user wants holistic security analysis of a codebase, application, or project. MUST be invoked instead of analyzing security yourself — it runs a specialized 8-phase STRIDE workflow producing professional deliverables you cannot generate alone: risk assessment reports, DFD diagrams, threat inventories, attack path validation, mitigation plans, and pentest plans. Trigger on: 威胁建模, 安全评估, 渗透测试, 安全分析, 安全审计, 安全检查, 风险评估. NOT for: fixing one specific bug, adding one security feature (rate limiting, CORS), writing tests, CI/CD setup, or debugging errors.
2SKILL.mdUpdated Apr 22, 2026