
from CTF Skills Collection 1,622
Comprehensive web-exploitation playbook for CTFs: XSS, SQLi, SSTI, SSRF, XXE, JWT abuse, auth bypass, file upload chains, and web-related reconnaissance.
This skill provides a structured, practical playbook for web-focused CTF challenges. It guides the operator through recon, attack surface mapping, common vulnerability families (XSS, SQLi, SSTI, SSRF, XXE, auth flaws), and chaining techniques to escalate a small primitive into a full exploit path. The skill bundles quick-start commands, prioritisation heuristics, and links to in-depth notes for server-side, client-side, and auth-related vectors.
Invoke when the challenge is centred on an HTTP application, API, or browser surface — particularly when templates, tokens, identity flows, or upload/parsing features are involved. Avoid for native pwn or deep crypto unless the web interface remains the core attack vector.
Intended for agents with shell and HTTP tooling (ffuf, curl, Python). Works best with Claude Code or other agents that can run local tools for active testing.
The CTF Web Exploitation skill is a well-structured reference playbook for web CTF challenges covering XSS, SQLi, SSTI, SSRF, JWT abuse, and more. It has no executable scripts — it's purely a knowledge/reference skill. The SKILL.md is thorough with clear frontmatter, good progressive disclosure via linked reference files, and practical quick-start commands. Security is clean: no hardcoded credentials, no destructive commands, no exfiltration instructions — it's an educational offensive-security resource. Architecture follows the skill spec well with a lean SKILL.md and well-organized references/. Usefulness is moderate: CTFs are a niche audience and many agents won't encounter web exploitation tasks in normal workflows.
Well-organized educational skill for CTF web exploitation. No security concerns — no hardcoded secrets, no destructive commands, no data exfiltration. The skill instructs agents to use security testing tools (sqlmap, ffuf, etc.) against CTF targets, which is appropriate for the stated purpose. Clean frontmatter, good reference structure with 18+ linked sub-files. Deductions: quality slightly lower because it's purely reference content without executable validation; usefulness limited by niche CTF audience.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
CTF Cryptography
Reference of cryptographic attack techniques and tools for CTF challenges (RSA, AES, ECC, lattices, PRNGs, padding oracles, and more).