Identify remotely exploitable, bounty-worthy security issues in code repositories.
The material indicates a prompt-only/document-style security review aid with no required secrets, no declared remote endpoints, and no stated local execution or data access capabilities. Combined with its open-source GitHub source and very strong community adoption, the overall risk is low, though it should still be used only within authorized scope due to its vulnerability-hunting purpose.
The material explicitly states that no keys or environment variables are required, and it does not request API tokens, account credentials, or other sensitive secrets, so credential exposure and misuse risk appears low.
No remote endpoints are declared, and the content mainly describes a bug-bounty analysis workflow and guidance rather than sending user data to external services. References to Huntr, HackerOne, and semgrep appear to be usage context or examples, not evidence of the skill itself exfiltrating data.
The system flags it as prompt-only; although the material includes command-line examples, it does not describe any capability to spawn local processes, execute code, or invoke system functions, so those examples should not be treated as actual execution privileges.
The material does not declare any ability to read, write, or modify local files, repository contents, databases, or other resources; it reads more like audit methodology guidance than a tool with direct data-access interfaces.
The source is an open-source GitHub repository with extremely high community adoption (about 210k stars), which are strong risk-reducing signals. While the license is undeclared and maintenance status is unknown, creating some compliance and upkeep uncertainty, the material shows no red flags such as closed-source distribution, suspicious packaging, or opaque dependencies.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "security-bounty-hunter" skill from askskill: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/security-bounty-hunter/SKILL.md 2. Save it as ~/.claude/skills/security-bounty-hunter/SKILL.md 3. Reload skills and tell me it's ready
Review this web service repository and focus on remotely exploitable issues that would qualify for a bug bounty report, such as auth bypass, RCE, injection, privilege escalation, or sensitive data exposure. Ignore local-only or low-value noisy findings, and organize results by root cause, exploit path, impact, and reproduction steps.
A severity-ranked list of high-value vulnerabilities with reproduction guidance and report-ready details.
Analyze this API project and identify the attack surfaces most worth testing first for valid bounty findings. Explain which endpoints, auth logic, file handling flows, or third-party integrations are riskiest, and provide a prioritized testing order.
A prioritized testing plan focused on high-risk remotely reachable attack surfaces.
Based on the discovered issue, draft a report suitable for a bug bounty platform. Include a title, impact summary, affected components, prerequisites, reproduction steps, real-world impact, and remediation advice, emphasizing remote exploitability and business risk.
A complete bug bounty report draft ready for review and submission.
Use this when the goal is practical vulnerability discovery for responsible disclosure or bounty submission, not a broad best-practices review.
Bias toward remotely reachable, user-controlled attack paths and throw away patterns that platforms routinely reject as informative or out of scope.
These are the kinds of issues that consistently matter:
| Pattern | CWE | Typical impact |
|---|---|---|
| SSRF through user-controlled URLs | CWE-918 | internal network access, cloud metadata theft |
| Auth bypass in middleware or API guards | CWE-287 | unauthorized account or data access |
| Remote deserialization or upload-to-RCE paths | CWE-502 | code execution |
| SQL injection in reachable endpoints | CWE-89 | data exfiltration, auth bypass, data destruction |
| Command injection in request handlers | CWE-78 | code execution |
| Path traversal in file-serving paths | CWE-22 | arbitrary file read or write |
| Auto-triggered XSS | CWE-79 | session theft, admin compromise |
These are usually low-signal or out of bounty scope unless the program says otherwise:
pickle.loads, torch.load, or equivalent with no remote patheval() or exec() in CLI-only toolingshell=True on fully hardcoded commandssemgrep --config=auto --severity=ERROR --severity=WARNING --json
Then manually filter:
## Description
[What the vulnerability is and why it matters]
## Vulnerable Code
[File path, line range, and a small snippet]
## Proof of Concept
[Minimal working request or script]
## Impact
[What the attacker can achieve]
## Affected Version
[Version, commit, or deployment target tested]
Before submitting:
Handle returns, refunds, fraud checks, and warranty claim decisions efficiently.
Use Bun for runtime, bundling, testing, packages, and Node migration decisions.
Use the correct Ethereum Keccak-256 hashing in Node.js and TypeScript.
Apply Nuxt 4 patterns for SSR safety, performance, and data fetching.
Generate images, videos, and audio with one unified AI media workflow.
Design Quarkus 3 backend patterns for messaging, APIs, data, and async workflows.
Scan Python projects and GitHub repos for vulnerabilities, secrets, and AI risk insights.
Review repositories in natural language for security, performance, and code quality issues
Detect prompt injection, look up CVEs, and assess version impact.
Analyze Git history to map security ownership and identify sensitive code bus-factor risks.
Scan AI coding workflows for code, secrets, dependency, and tool security risks.
Scan project risks and quality issues with a health score and fixes.