ghostonbutterbread/caido
skills/caido/SKILL.md
Connect to a Caido MCP instance for proxy traffic inspection and request comparison.
tools
Updated Jun 6, 2026
$ install --global
skillsauthnpx skillsauth add ghostonbutterbread/bug-bounty-harness caidoInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 6, 2026, 2:26 AM44.0s1 file scanned
SKILL.md
- name:
- caido
- description:
- Connect to a Caido MCP instance for proxy traffic inspection and request comparison.
Caido
Use this when a bug bounty task needs Caido MCP traffic, project history, request inspection, or request comparison.
MCP URL
Default to:
http://localhost:3333/mcp
If the user gives a hostname or IP address, use:
http://<hostname-or-ip>:3333/mcp
If the user gives a full URL, use that exact URL.
Workflow
- Resolve the MCP URL from the user's request.
- Check connectivity before assuming Caido is available.
- If the task mentions PwnFox, a colored browser/profile/session, or a phrase
like "Red session", load
/pwnfoxand filter history byX-PwnFox-Color: <color>. - If unreachable, report whether it looks like host, firewall, bind-address, or port exposure trouble.
- For comparisons, keep Caido projects isolated and compare equivalent workflows request-by-request.
- For one live owned-session request capture or intercept/modify testing, route to
/single-request-grabberafter Caido connectivity is confirmed.
Related Skills
ghostonbutterbread/stored-xss
documentation
VerifiedTrustedCommunity
Use when attacker-controlled input is saved and rendered later in a profile, comment, title, notification, admin view, export, email, feed, upload metadata, or other stored render surface.
SKILL.mdUpdated Jun 6, 2026
ghostonbutterbread/reflected-xss
content-media
VerifiedTrustedCommunity
Use when attacker-controlled input appears in the immediate HTTP response or browser-rendered page and needs reflected XSS context classification, payload selection, mutation, and browser verification.
SKILL.mdUpdated Jun 6, 2026
ghostonbutterbread/pwnfox
data-ai
VerifiedTrustedCommunity
Use when inspecting proxy traffic from PwnFox-profiled browser sessions, filtering Caido/Burp/proxy history by X-PwnFox-Color, or interpreting user phrases like 'Red session' as a distinct browser/auth/profile lane.
SKILL.mdUpdated Jun 6, 2026
ghostonbutterbread/skills/lfi
tools
VerifiedTrustedCommunity
# LFI — Local File Inclusion Bypass ## What It Does Tests LFI bypass techniques: path traversal, null bytes, wrappers, log poisoning. Load `general-security-testing-policy`, `live-testing-policy`, and `injection-testing-policy` before live testing. For file/path sinks, absence of an immediate file read or response delta is not a stop reason by itself; use the policy to reason about path normalization, extension allowlists, wrappers, encoding, parser differences, and stack-specific proof ladder
SKILL.mdUpdated Jun 6, 2026