deploy-hf
vmain
io.github.Vincentqyw/image-matching-webui/deploy-hf
Release a new imcui version and deploy to HuggingFace Spaces (test → prod). Invoke when user asks to release, deploy, or ship a new version.
io.github.shuvonsec/claude-bug-bounty/mobile-pentest · vmain
Mobile app pentest for bug bounty (Android APK + iOS IPA) — runtime-first workflow: install app, proxy through Burp/mitmproxy, drive the UI, capture packets, then test the API exactly like a web target; escalate to decompile (apktool/jadx) and Frida/objection only when traffic is SSL-pinned, encrypted, or absent. Covers APK/IPA decompile for hardcoded secrets + hidden API endpoints + base URLs the web app never exposes, exported-activity and deeplink intent injection, WebView addJavascriptInterface bridge abuse, SSL pinning bypass (objection patchapk / Frida CertificatePinner + checkServerTrusted hooks), OkHttp interceptor chain to recover request signing, JNI native-lib triage, and the quick apktool/grep secret + endpoint sweep. Use when the program scope includes a mobile app, when web recon dries up and you need a fresh attack surface, or when traffic is pinned and you must MitM it.
热度数据
mobile-pentest 是一个Agent Skill,收录自 SkillsMP。本页提供 Cursor、Claude Code 等客户端的安装配置片段。
Agent Skill 是带 SKILL.md 的指令包。安装后,AI 会根据 description 在匹配任务时自动加载,无需每次手动粘贴提示词。
选择你的平台查看安装方式
选择安装方式
# 改 -a 切换客户端:cursor | claude-code | codex | github-copilot
npx skills add shuvonsec/claude-bug-bounty@mobile-pentest -a cursor -y安装完成后,在对话中直接描述你的任务(或提及技能名称)。Agent 会先读取 SKILL.md 的 description 判断是否启用,再按其中的步骤执行。可用 /skills(Claude Code)或在设置中查看已加载的 Skills。
vmain
io.github.Vincentqyw/image-matching-webui/deploy-hf
Release a new imcui version and deploy to HuggingFace Spaces (test → prod). Invoke when user asks to release, deploy, or ship a new version.
vmain
io.github.kenn-io/agentsview/testing-without-tautologies
Use when creating, editing, fixing, or reviewing tests; when adding mocks, fakes, assertions, unit tests, PG integration tests, frontend component tests, or Playwright e2e tests; or when changing tests after failures.
vmain
io.github.Dynatrace/dynatrace-for-ai/dt-obs-kubernetes
Kubernetes cluster, pod, node, and workload monitoring. Use when analyzing K8s health, resource optimization, pod failures, OOMKills, scheduling, or security posture. Also use for Kubernetes operational events like pod restarts, OOM events, evictions, and cluster event history. Trigger: "Kubernetes pods", "K8s cluster health", "OOMKill", "pod restarts", "container CPU", "namespace resource usage", "over-provisioned pods", "privileged containers", "pod placement", "K8s node capacity", "running containers by cluster", "workload scheduling", "pod evictions", "K8s labels and annotations", "kubernetes events", "pod restart events", "OOM events", "K8s event history". Do NOT use for explaining existing queries, product documentation questions, AWS-specific resource queries, service-level RED metrics, distributed tracing, or log analysis — use the relevant skill instead.
vmaster
io.github.hitobito/hitobito/refactoring
Use when restructuring internal code in hitobito without changing external functionality — for future extensibility, performance, or maintainability.
vmain
io.github.uphiago/recon-skills/docker-privesc
Escape Docker containers to host root via 5 techniques.
vmaster
io.github.Raishin/vanguard-frontier-agentic/css-architecture-design-system-review
Review CSS for specificity and cascade-layer discipline, design-token (custom-property) conformance, and responsive strategy correctness (container queries vs. media queries), catching specificity wars, hardcoded-value token drift, and non-reflowing layouts that fail WCAG 1.4.10/1.4.4 before they compound into unmaintainable stylesheets.
{
"id": "io.github.shuvonsec/claude-bug-bounty/mobile-pentest",
"type": "skill",
"version": "main",
"displayName": "mobile-pentest",
"description": "Mobile app pentest for bug bounty (Android APK + iOS IPA) — runtime-first workflow: install app, proxy through Burp/mitmproxy, drive the UI, capture packets, then test the API exactly like a web target; escalate to decompile (apktool/jadx) and Frida/objection only when traffic is SSL-pinned, encrypted, or absent. Covers APK/IPA decompile for hardcoded secrets + hidden API endpoints + base URLs the web app never exposes, exported-activity and deeplink intent injection, WebView addJavascriptInterface bridge abuse, SSL pinning bypass (objection patchapk / Frida CertificatePinner + checkServerTrusted hooks), OkHttp interceptor chain to recover request signing, JNI native-lib triage, and the quick apktool/grep secret + endpoint sweep. Use when the program scope includes a mobile app, when web recon dries up and you need a fresh attack surface, or when traffic is pinned and you must MitM it.",
"author": {
"name": "shuvonsec",
"url": "https://github.com/shuvonsec"
},
"repository": {
"url": "https://github.com/shuvonsec/claude-bug-bounty",
"source": "github",
"subfolder": "skills/mobile-pentest"
},
"homepage": "https://skillsmp.com/creators/shuvonsec/claude-bug-bounty/skills-mobile-pentest",
"distribution": {
"packages": [
{
"registryType": "source",
"identifier": "shuvonsec/claude-bug-bounty@mobile-pentest",
"version": "main",
"runtimeHint": "npx skills add"
}
],
"remotes": []
},
"dependencies": [],
"installTargets": [
"claude-code",
"claude-desktop",
"cursor",
"codex",
"vscode"
],
"keywords": [
"repo_stars:3796"
],
"provenance": {
"origin": "skillsmp",
"originalId": "shuvonsec-claude-bug-bounty-skills-mobile-pentest-skill-md",
"originalUrl": "https://skillsmp.com/creators/shuvonsec/claude-bug-bounty/skills-mobile-pentest",
"isOfficial": false,
"status": "active"
}
}