一键导入
ctf
用于在 CTF 挑战开始时做首轮分类、轻量 triage 与 skill 路由,识别主导类别后转到对应 ctf-* skill,类别已明确时也可直接作为入口;触发名:solve-challenge
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
用于在 CTF 挑战开始时做首轮分类、轻量 triage 与 skill 路由,识别主导类别后转到对应 ctf-* skill,类别已明确时也可直接作为入口;触发名:solve-challenge
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
面向中文用户和新手的统一入口,保持原有两种模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想先理清题意、又不想自己先判断何时该切到工具链或漏洞专项的场景;触发名:ctf-beginner-hub
面向 CTF 新手与综合题的统一总控 skill。保持原有两种主模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想边做边学、又不想自己先判断何时切换到工具链或漏洞专项的场景;触发名:ctf-super-hub
Strix JWT 与 OIDC 安全测试手册,覆盖令牌伪造、算法混淆与声明篡改;触发名:strix-authentication-jwt
给中文用户和新手用的 Strix Lite 统一入口:先判断该用哪一个 strix-* 工具或漏洞测试 skill,再给最小化起手步骤;适合在 Web 安全测试、工具链使用、漏洞验证时不知道先用哪个 Strix skill 的场景;触发名:strix-beginner-hub
Strix 功能级授权缺陷测试手册,覆盖操作级权限失效、管理功能越权与 API 操作绕过;触发名:strix-broken-function-level-authorization
Strix 业务逻辑漏洞测试手册,覆盖流程绕过、状态操控与领域约束破坏;触发名:strix-business-logic
| name | CTF•挑战调度器 |
| description | 用于在 CTF 挑战开始时做首轮分类、轻量 triage 与 skill 路由,识别主导类别后转到对应 ctf-* skill,类别已明确时也可直接作为入口;触发名:solve-challenge |
| license | MIT |
| compatibility | Requires filesystem-based agent (Claude Code or similar) with bash, Python 3, and internet access. Orchestrates other ctf-* skills. |
| allowed-tools | Bash Read Write Edit Glob Grep Task WebFetch WebSearch Skill |
| metadata | {"user-invocable":"true","argument-hint":"[category] [challenge-file-or-url]"} |
You're a skilled CTF player. Your goal is to solve the challenge and find the flag.
Two setup strategies depending on your workflow:
Use the central installer entrypoint:
bash scripts/install_ctf_tools.sh all
Run a narrower mode when you only want one tool group:
bash scripts/install_ctf_tools.sh python
bash scripts/install_ctf_tools.sh apt
bash scripts/install_ctf_tools.sh brew
bash scripts/install_ctf_tools.sh gems
bash scripts/install_ctf_tools.sh go
bash scripts/install_ctf_tools.sh manual
The full package lists now live in scripts/install_ctf_tools.sh.
Each category skill's SKILL.md has a Prerequisites section listing only the tools needed for that category. Install as you go.
If the CTF platform URL is known, check if it runs CTFd and switch to API-driven navigation:
# Detect CTFd (look for /api/v1/ and /themes/core/)
curl -s "$CTF_URL/api/v1/" | head -5
curl -s "$CTF_URL" | grep -oE '/themes/core/'
If CTFd is detected, ask the user for their API token (generated from CTFd Settings > Access Tokens). The token is not provided by default — the user must create one in the CTFd web UI first. Once provided, set the environment variables and proceed via API:
export CTF_URL="https://ctf.example.com"
export CTF_TOKEN="ctfd_..." # Ask user for this
Invoke /ctf-misc and load its ctfd-navigation.md for the full API reference and Python client class.
file * on everythingstrings, xxd | head, binwalk, checksec on binariesnc) to understand what they expectDetermine the primary category, then invoke the matching skill.
By file type:
.pcap, .pcapng, .evtx, .raw, .dd, .E01 -> forensics.elf, .exe, .so, .dll, binary with no extension -> reverse or pwn (check if remote service provided -- if yes, likely pwn).py, .sage, .txt with numbers -> crypto.apk, .wasm, .pyc -> reverseBy challenge description keywords:
By service behavior:
Once you identify the category, invoke the matching skill to get specialized techniques:
| Category | Invoke | When to Use |
|---|---|---|
| Web | /ctf-web | XSS, SQLi, SSTI, SSRF, JWT, file uploads, prototype pollution |
| Pwn | /ctf-pwn | Buffer overflow, format string, heap, ROP, sandbox escape |
| Crypto | /ctf-crypto | RSA, AES, ECC, PRNG, ZKP, classical ciphers |
| Reverse | /ctf-reverse | Binary analysis, game clients, VMs, obfuscated code |
| Forensics | /ctf-forensics | Disk images, memory dumps, event logs, stego, network captures |
| OSINT | /ctf-osint | Social media, geolocation, DNS, public records |
| Malware | /ctf-malware | Obfuscated scripts, C2 traffic, PE/.NET analysis |
| Misc | /ctf-misc | Jails, encodings, RF/SDR, esoteric languages, constraint solving |
You can also invoke /ctf-<category> to load the full skill instructions with detailed techniques.
If your first approach doesn't work:
Common multi-category patterns:
After solving the challenge, invoke /ctf-writeup to generate a standardized submission-style writeup — concise, reproducible, and ready for competition organizers or teammates to validate.
Flags vary by CTF. Common formats:
flag{...}, FLAG{...}, CTF{...}, TEAM{...}ENO{...}, HTB{...}, picoCTF{...})Validation rule (important):
# Search for common flag patterns in files
grep -rniE '(flag|ctf|eno|htb|pico)\{' .
# Search in binary/memory output
strings output.bin | grep -iE '\{.*\}'
# Recon
file * # Identify file types
strings binary | grep -i flag # Quick string search
xxd binary | head -20 # Hex dump header
binwalk -e firmware.bin # Extract embedded files
checksec --file=binary # Check binary protections
# Connect
nc host port # Connect to challenge
echo -e "answer1\nanswer2" | nc host port # Scripted input
curl -v http://host:port/ # HTTP recon
# Python exploit template
python3 -c "
from pwn import *
r = remote('host', port)
r.interactive()
"
$ARGUMENTS