一键导入
hackthebox
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
Mobile application security testing — Android (smali, Frida, IL2CPP, Flutter AOT, React Native/Hermes, root detection), iOS (jailbreak, Objection).
| name | hackthebox |
| description | HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions |
| context | fork |
python3 .claude/tools/env-reader.py HTB_USER HTB_PASS HTB_TOKEN ANTHROPIC_API_KEY SLACK_BOT_TOKEN HTB_SLACK_CHANNEL_IDmkdir -p YYMMDD_<name>/{recon,findings,logs,artifacts,tools,reports} for each challenge. Do not seed attack-chain.md or experiments.md from the orchestrator — those are the coordinator subagent's first action (see skills/coordination/reference/spawning-recipes.md).Agent(name="coordinator-{tag}", run_in_background=True, ...) per spawning-recipes.md. Never run the P0-P6 coordinator workflow inline in the orchestrator session — the bookkeeping discipline (attack-chain.md, experiments.md, goal_attempts counting, mandatory skeptic at experiments 5/15/25) requires the subagent boundary. Max N concurrent agents, queue-based spawning./skill-update + Slack after each coordinator returns its PHASE3_SUMMARY (see workflow.md step 8)