abelrguezr/skills-locator-navigation
skills-locator-navigation/SKILL.md
Locate, shortlist, and navigate the generated skills corpus quickly. Use this skill whenever the user asks to find a relevant skill, browse the 900+ skills, identify duplicates, map topic coverage, or open the correct SKILL.MD/scripts folder for a task.
$ install --global
skillsauthnpx skillsauth add abelrguezr/hacktricks-skills skills-locator-navigationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:50 PM1.8s1 file scanned
SKILL.md
- name:
- skills-locator-navigation
- description:
- Locate, shortlist, and navigate the generated skills corpus quickly. Use this skill whenever the user asks to find a relevant skill, browse the 900+ skills, identify duplicates, map topic coverage, or open the correct SKILL.MD/scripts folder for a task.
Skills Locator & Navigation
Use this skill to reliably find the right skill package inside a large skills corpus.
When this skill should trigger
Trigger whenever the user asks to:
- find a skill by topic, tool, framework, OS, or attack technique
- browse or navigate the skills tree
- identify where a specific tutorial/README skill landed
- shortlist candidate skills for a request
- inspect missing coverage or duplicates across many skills
Inputs
- A query, keyword list, or task description
- Optional scope path (subtree under the skills root)
Outputs
- Ranked list of matching skill directories
- For each match: path to
SKILL.MD, short reason, and confidence (high|medium|low) - If ambiguous: ask one clarification question and provide best-effort shortlist anyway
Workflow
- Resolve skills root.
- Run
scripts/find_skill.pywith the user query. - If needed, run
scripts/list_skills.pyfor macro view (coverage by top-level area). - Return top 3-10 matches with exact paths.
- If user picks one, open that skill and proceed with task execution.
Commands
Find by query
python3 scripts/find_skill.py --query "golden ticket kerberos" --top 8
Limit to subtree
python3 scripts/find_skill.py --query "token escalation" --scope "windows-hardening" --top 10
Show corpus overview
python3 scripts/list_skills.py --max-topics 40
Ranking behavior
find_skill.py scores candidates using:
- exact/near token matches in path
- token matches in YAML
nameanddescription - token matches in SKILL body
Path and metadata are weighted higher than generic body matches.
Response format for users
Use this compact format:
<path-to-skill-dir>— why it matches<path-to-skill-dir>— why it matches<path-to-skill-dir>— why it matches
Then ask: “Do you want me to open #1 or compare #1 vs #2 first?”
Notes
- Treat
SKILL.MDandSKILL.mdas equivalent. - Prefer deterministic script output over ad-hoc grep when possible.
- If no strong match exists, return nearest matches and explicitly say coverage might be missing.
Related Skills
abelrguezr/house-of-lore-exploit
testing
VerifiedTrustedCommunity
How to perform a House of Lore (small bin attack) heap exploitation. Use this skill whenever the user mentions heap exploitation, small bin attacks, fake chunks, glibc heap vulnerabilities, or needs to insert fake chunks into small bins for arbitrary read/write. Trigger for CTF challenges involving heap corruption, glibc 2.31+ exploitation, or when the user needs to bypass malloc sanity checks using fake chunk linking.
5SKILL.mdUpdated Apr 16, 2026
abelrguezr/house-of-force-exploit
testing
VerifiedTrustedCommunity
How to perform House of Force heap exploitation attacks. Use this skill whenever the user mentions heap exploitation, House of Force, top chunk manipulation, arbitrary memory allocation, malloc manipulation, or wants to allocate chunks at specific addresses. Also trigger for CTF challenges involving heap overflows, top chunk size overwrites, or when the user needs to calculate evil_size for heap attacks. Make sure to use this skill for any binary exploitation task involving glibc heap manipulation, even if they don't explicitly say "House of Force".
5SKILL.mdUpdated Apr 16, 2026
abelrguezr/house-of-einherjar
tools
VerifiedTrustedCommunity
How to perform House of Einherjar heap exploitation to allocate memory at arbitrary addresses. Use this skill whenever the user mentions heap exploitation, glibc heap attacks, arbitrary memory allocation, off-by-one overflow exploitation, tcache poisoning, fast bin attacks, or any CTF challenge involving heap manipulation. This is essential for binary exploitation tasks where you need to control malloc() return addresses.
5SKILL.mdUpdated Apr 16, 2026
abelrguezr/heap-overflow-exploitation
testing
VerifiedTrustedCommunity
How to identify, analyze, and exploit heap overflow vulnerabilities in binary exploitation challenges and real-world scenarios. Use this skill whenever the user mentions heap overflows, memory corruption, heap grooming, tcache poisoning, fast-bin attacks, or any heap-related vulnerability in CTF challenges, binary analysis, or security research. This skill covers heap overflow fundamentals, exploitation techniques, heap grooming strategies, and real-world CVE analysis.
5SKILL.mdUpdated Apr 16, 2026