ReddRadar
Topic: claude-code
35,830 skills in this topic.
-
brainstorm
Unified brainstorming skill with dual-mode operation — auto mode (framework generation, parallel multi-role analysis, cross-role synthesis) and single role analysis. Triggers on "brainstorm", "头脑风暴".
catlog22/Claude-Code-Workflow 1,785
-
review-code
Multi-dimensional code review with structured reports. Analyzes correctness, readability, performance, security, testing, and architecture. Triggers on "review code", "code review", "审查代码", "代码审查".
catlog22/Claude-Code-Workflow 1,785
-
workflow-skill-designer
Meta-skill for designing orchestrator+phases structured workflow skills. Creates SKILL.md coordinator with progressive phase loading, TodoWrite patterns, and data flow. Triggers on "design workflow skill", "create workflow skill", "workflow skill designer".
catlog22/Claude-Code-Workflow 1,785
-
ccw-help
CCW command help system. Search, browse, recommend commands, skills, teams. Triggers "ccw-help", "ccw-issue".
catlog22/Claude-Code-Workflow 1,785
-
make-issue-spec
pchalasani/claude-code-tools 1,718
-
socratic-quiz
Use this when the user wants to deeply understand something through guided questioning. Trigger phrases include: "quiz me", "help me understand", "Socratic", "teach me", "walk me through with questions", "test my understanding", or when the user asks for an explanation and would benefit more from guided discovery than a direct answer.
pchalasani/claude-code-tools 1,718
-
add-pattern
Use this skill when you learn one or more design pattern(s) in the Langroid (multi) agent framework, and want to make a note for future reference for yourself. Use this either autonomously, or when asked by the user to record a new pattern.
pchalasani/claude-code-tools 1,718
-
session-search
For CLI agents WITHOUT subagent support (e.g., Codex CLI). Search previous code agent sessions for specific work, decisions, or code patterns.
pchalasani/claude-code-tools 1,718
-
patterns
Design patterns for the Langroid multi-agent LLM framework. Covers agent configuration, tools, task control, and integrations.
pchalasani/claude-code-tools 1,718
-
code-walk-thru
Use this when user wants you to walk through (code or text) files in a EDITOR to either explain how some code works, or to show the user what changes you made, etc. You would typically use this repeatedly to show the user your changes or code files one by one, sometimes with specific line-numbers. This way the user is easily able to follow along in their favorite EDITOR as you point at various files possibly at specific line numbers within those files.
pchalasani/claude-code-tools 1,718
-
voice-update
This skill should be used when the agent needs to give a spoken voice update to the user, or when reminded by a Stop hook to provide audio feedback. Use this skill to speak a short summary of what was accomplished.
pchalasani/claude-code-tools 1,718
-
recover-context
Extract full context of the last task from the most recent parent session shown in the session lineage. Strategically uses sub-agents to avoid bloating your own context.
pchalasani/claude-code-tools 1,718
-
tmux-cli
CLI utility to communicate with other CLI Agents or Scripts in other tmux panes; use it only when user asks you to communicate with other CLI Agents or Scripts in other tmux panes.
pchalasani/claude-code-tools 1,718
-
msg
Inter-agent communication via the msg CLI. Use this when you need to send messages to other agent sessions, read incoming messages, or coordinate with other agents in tmux panes.
pchalasani/claude-code-tools 1,718
-
log-work
pchalasani/claude-code-tools 1,718
-
web2-vuln-classes
Complete reference for 20 web2 bug classes with root causes, detection patterns, bypass tables, exploit techniques, and real paid examples. Covers IDOR, auth bypass, XSS, SSRF (11 IP bypass techniques), SQLi, business logic, race conditions, OAuth/OIDC, file upload (10 bypass techniques), GraphQL, LLM/AI (ASI01-ASI10 agentic framework), API misconfig (mass assignment, JWT attacks, prototype pollution, CORS), ATO taxonomy (9 paths), SSTI (Jinja2/Twig/Freemarker/ERB/Spring), subdomain takeover, cloud/infra misconfigs, HTTP smuggling (CL.TE/TE.CL/H2.CL), cache poisoning, MFA bypass (7 patterns), SAML attacks (XSW/comment injection/signature stripping). Use when hunting a specific vuln class or studying what makes bugs pay.
shuvonsec/claude-bug-bounty 1,696
-
report-writing
Bug bounty report writing for H1/Bugcrowd/Intigriti/Immunefi — report templates, human tone guidelines, impact-first writing, CVSS 3.1 scoring, title formula, impact statement formula, severity decision guide, downgrade counters, pre-submit checklist. Use after validating a finding and before submitting. Never use "could potentially" — prove it or don't report.
shuvonsec/claude-bug-bounty 1,696
-
web2-recon
Web2 recon pipeline — subdomain enumeration (subfinder, Chaos API, assetfinder), live host discovery (dnsx, httpx), URL crawling (katana, waybackurls, gau), directory fuzzing (ffuf), JS analysis (LinkFinder, SecretFinder), continuous monitoring (new subdomain alerts, JS change detection, GitHub commit watch). Use when starting recon on any web2 target or when asked about asset discovery, subdomain enum, or attack surface mapping.
shuvonsec/claude-bug-bounty 1,696
-
triage-validation
Finding validation before writing any report — 7-Question Gate (all 7 questions), 4 pre-submission gates, always-rejected list, conditionally valid with chain table, CVSS 3.1 quick reference, severity decision guide, report title formula, 60-second pre-submit checklist. Use BEFORE writing any report. One wrong answer = kill the finding and move on. Saves N/A ratio.
shuvonsec/claude-bug-bounty 1,696
-
bug-bounty
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
shuvonsec/claude-bug-bounty 1,696
-
web3-audit
Smart contract security audit — 10 DeFi bug classes (accounting desync, access control, incomplete path, off-by-one, oracle, ERC4626, reentrancy, flash loan, signature replay, proxy), pre-dive kill signals (TVL < $500K etc), Foundry PoC template, grep patterns for each class, and real Immunefi paid examples. Use for any Solidity/Rust contract audit or when deciding whether a DeFi target is worth hunting.
shuvonsec/claude-bug-bounty 1,696
-
security-arsenal
Security payloads, bypass tables, wordlists, gf pattern names, always-rejected bug list, and conditionally-valid-with-chain table. Use when you need specific payloads for XSS/SSRF/SQLi/XXE/NoSQLi/command injection/SSTI/IDOR/path-traversal/HTTP smuggling/WebSocket/MFA bypass, bypass techniques, or to check if a finding is submittable. Also use when asked about what NOT to submit.
shuvonsec/claude-bug-bounty 1,696
-
bb-methodology
Use at the START of any bug bounty hunting session, when switching targets, or when feeling lost about what to do next. Master orchestrator that combines the 5-phase non-linear hunting workflow with the critical thinking framework (developer psychology, anomaly detection, What-If experiments). Routes to all other skills based on current hunting phase. Also use when asking "what should I do next" or "where am I in the process."
shuvonsec/claude-bug-bounty 1,696
-
grepai
Replaces ALL built-in search tools. You MUST invoke this skill BEFORE using WebSearch, Grep, or Glob. NEVER use the built-in Grep tool - use `grepai` instead.
yoanbernabeu/grepai 1,599