awesome-skill
NewInstall rahmanhsim's full security skill arsenal into your AI agent workspace. Contains 110+ structured SKILL.md files across 24 categories including web injection, API security, recon, active directory, binary exploitation, crypto, mobile, smart contract, AI/LLM security, and more. Use when setting up a new agent workspace or adding security testing capabilities.
Overview
awesome-skill — Install Guide
Quick Install
Clone the full arsenal directly into your Skills/ directory:
git clone https://github.com/rahmanhsim/awesome-skill.git SkillsPartial Install (by category)
Install only the categories you need:
git clone --depth 1 --filter=blob:none --sparse https://github.com/rahmanhsim/awesome-skill.git
cd awesome-skill
git sparse-checkout set Injection Auth API ReconAvailable Categories
| Category | Skills | Description |
|---|---|---|
Injection | 27 | XSS, SQLi, SSRF, SSTI, XXE, WAF bypass, deserialization |
Auth | 9 | JWT, OAuth, SAML, CSRF, CORS, auth bypass |
API | 5 | REST, GraphQL, BOLA, JWT abuse |
Recon | 7 | Subdomain enum, OSINT, source leak, methodology |
Active-Directory | 7 | Kerberos, NTLM, ADCS, ACL abuse, lateral movement |
Linux-macOS | 9 | PrivEsc, container escape, kernel, reverse shell |
Exploit | 9 | ROP, heap, format string, V8, anti-debug |
Crypto | 7 | RSA, lattice, hash attack, stego |
Infra | 7 | Tunneling, Kubernetes, network protocol |
Mobile | 3 | Android, iOS, SSL pinning bypass |
Smart-Contract | 2 | DeFi attacks, Solidity vulns |
AI-Security | 2 | LLM prompt injection, AI/ML attacks |
Business-Logic | 4 | Race condition, pricing abuse, workflow bypass |
File | 3 | Upload bypass, LFI, path traversal |
OSINT | 1 | Open source intelligence gathering |
Forensics | 1 | Digital forensics, memory analysis |
Malware | 1 | Malware analysis, reverse engineering |
Threat-Intel | 1 | IOC analysis, APT tracking, threat hunting |
Password | 1 | Password cracking methodology |
CICD | 1 | CI/CD pipeline attack patterns |
Payloads | 1 | Payload collections and bypass techniques |
Social-Engineering | 1 | Phishing, pretexting, physical security |
HackenProof | 5 | Bug bounty triage workflow (HackenProof platform) |
Master | 1 | Entry point router — start here |
Usage
After installing, start every security testing session with the master router:
Run skill: Master/hackThe master skill will analyze your target and route you to the appropriate category and technique.
Requirements
- •Authorized target only (bug bounty scope, owned systems, CTF)
- •AI agent with file read capability
- •Compatible with: Zo Computer, Claude Code, any Agent Skills-compatible runtime
Source
Repo: https://github.com/rahmanhsim/awesome-skill Author: @rahmanhsim Spec: https://agentskills.io/specification
Install & Usage
mkdir -p .claude/skillsmkdir -p .claude/skills && curl -o .claude/skills/awesome-skill.md https://raw.githubusercontent.com/rahmanhsim/awesome-skill/main/SKILL.md/awesome-skillSecurity Audits
Frequently Asked Questions
What is awesome-skill?
Install rahmanhsim's full security skill arsenal into your AI agent workspace. Contains 110+ structured SKILL.md files across 24 categories including web injection, API security, recon, active directory, binary exploitation, crypto, mobile, smart contract, AI/LLM security, and more. Use when setting up a new agent workspace or adding security testing capabilities.
How to install awesome-skill?
To install awesome-skill: create the skills directory (mkdir -p .claude/skills), then run: mkdir -p .claude/skills && curl -o .claude/skills/awesome-skill.md https://raw.githubusercontent.com/rahmanhsim/awesome-skill/main/SKILL.md. Finally, /awesome-skill in Claude Code.
What is awesome-skill best for?
awesome-skill is a skill categorized under General. It is designed for: security, testing, api, agent. Created by rahmanhsim.