Skip to main content

Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

ghostonbutterbread/findings

skills/findings/SKILL.md

Use when viewing, listing, filtering, summarizing, or checking bug bounty findings, including /findings requests by program or severity.

Updated Apr 23, 2026

$ install --global

npx skillsauth add ghostonbutterbread/bug-bounty-harness findings

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

3

Scanners Passed

9

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 23, 2026, 3:36 AM135.6s2 files scanned

SKILL.md

name:: findings
description:: Use when viewing, listing, filtering, summarizing, or checking bug bounty findings, including /findings requests by program or severity.

Findings — View Bug Bounty Findings

Invocation

/findings
/findings superdrug
/findings --severity P1

Related Skills

ghostonbutterbread/request-exploration

testing

VerifiedTrustedCommunity

Systematic live request mutation: flip booleans, field ops, headers, content-type, parser differentials, replay vs intercept, null/empty testing. Inherits live-testing-policy scope/rate/ownership rules.

SKILL.mdUpdated Jun 13, 2026

ghostonbutterbread/request-exploration

mcp-scan — Pass

Semgrep — Pass

VirusTotal — N/A

ghostonbutterbread/password-reset

development

VerifiedTrustedCommunity

Test password reset, forgot-password, reset-token, email reset, and account recovery flows for account takeover risks.

SKILL.mdUpdated Jun 13, 2026

ghostonbutterbread/password-reset

mcp-scan — Pass

Semgrep — Pass

VirusTotal — N/A

ghostonbutterbread/intelligent-fuzzing

tools

VerifiedTrustedCommunity

Targeted param/field discovery using tech stack clues, naming conventions, and controlled-rate ffuf — then feeds findings into request-exploration for mutation. Not brute-force; informed and scoped.

SKILL.mdUpdated Jun 13, 2026

ghostonbutterbread/intelligent-fuzzing

mcp-scan — Pass

Semgrep — Pass

VirusTotal — N/A

ghostonbutterbread/create-account

testing

VerifiedTrustedCommunity

Ghost-only workflow for creating approved bug bounty test accounts and saving credential references.

SKILL.mdUpdated Jun 13, 2026

ghostonbutterbread/create-account

mcp-scan — Pass

Semgrep — Pass

VirusTotal — N/A

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/ghostonbutterbread/bug-bounty-harness.git

# Copy into Claude Code skills folder (global)
cp -r bug-bounty-harness/skills/findings ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

ghostonbutterbread/bug-bounty-harness

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT