ghostonbutterbread/hunt
skills/hunt/SKILL.md
Use when starting or orchestrating a bug bounty hunt, running /hunt for a program, selecting testing tasks, or coordinating parallel security research work.
testing
Updated Apr 23, 2026
$ install --global
skillsauthnpx skillsauth add ghostonbutterbread/bug-bounty-harness huntInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 3:37 AM151.1s2 files scanned
SKILL.md
- name:
- hunt
- description:
- Use when starting or orchestrating a bug bounty hunt, running /hunt for a program, selecting testing tasks, or coordinating parallel security research work.
Hunt — Start a Bug Bounty Hunt
Invocation
/hunt <program> [tasks]
/hunt superdrug xss,sqli
/hunt superdrug fuzz --parallel
Examples
/hunt superdrug xss
/hunt superdrug xss,sqli,ssrf --parallel
/hunt superdrug fuzz
Related Skills
ghostonbutterbread/request-exploration
testing
VerifiedTrustedCommunity
Systematic live request mutation: flip booleans, field ops, headers, content-type, parser differentials, replay vs intercept, null/empty testing. Inherits live-testing-policy scope/rate/ownership rules.
SKILL.mdUpdated Jun 13, 2026
ghostonbutterbread/password-reset
development
VerifiedTrustedCommunity
Test password reset, forgot-password, reset-token, email reset, and account recovery flows for account takeover risks.
SKILL.mdUpdated Jun 13, 2026
ghostonbutterbread/intelligent-fuzzing
tools
VerifiedTrustedCommunity
Targeted param/field discovery using tech stack clues, naming conventions, and controlled-rate ffuf — then feeds findings into request-exploration for mutation. Not brute-force; informed and scoped.
SKILL.mdUpdated Jun 13, 2026
ghostonbutterbread/create-account
testing
VerifiedTrustedCommunity
Ghost-only workflow for creating approved bug bounty test accounts and saving credential references.
SKILL.mdUpdated Jun 13, 2026