/ 디렉터리 / 플레이그라운드 / awesome-claude-skills-security
← 모든 서버 ↗ GitHub
● 커뮤니티 Eyadkelleh ⚡ 바로 사용

awesome-claude-skills-security

제작: Eyadkelleh · Eyadkelleh/awesome-claude-skills-security

SecLists-powered security testing skills for Claude Code — injection payloads, wordlists, and expert agents for CTFs and pentesting.

awesome-claude-skills-security packages curated SecLists resources as Claude Code skills for authorized security testing. It provides 7 skill categories (fuzzing, passwords, pattern matching, payloads, usernames, web shells, LLM testing) plus 5 slash commands and 3 expert agents (Pentest Advisor, CTF Assistant, Bug Bounty Hunter). Designed for CTF competitions, authorized pentesting, and security research.

▶ 데모 보기 📦 설치 💡 사용 사례

왜 쓰나요

핵심 기능

라이브 데모

실제 사용 모습

awesome-claude-skills-security.replay ▶ 준비됨
0/0

설치

클라이언트 선택

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "awesome-claude-skills-security": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Eyadkelleh/awesome-claude-skills-security"
      ]
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config 열기. 저장 후 앱 재시작.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "awesome-claude-skills-security": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Eyadkelleh/awesome-claude-skills-security"
      ]
    }
  }
}

Cursor는 Claude Desktop과 동일한 mcpServers 스키마 사용. 프로젝트 설정이 전역보다 우선.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "awesome-claude-skills-security": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Eyadkelleh/awesome-claude-skills-security"
      ]
    }
  }
}

Cline 사이드바의 MCP Servers 아이콘 클릭 후 "Edit Configuration" 선택.

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "awesome-claude-skills-security": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Eyadkelleh/awesome-claude-skills-security"
      ]
    }
  }
}

Claude Desktop과 같은 형식. Windsurf 재시작 후 적용.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "awesome-claude-skills-security",
      "command": "TODO",
      "args": [
        "See README: https://github.com/Eyadkelleh/awesome-claude-skills-security"
      ]
    }
  ]
}

Continue는 맵이 아닌 서버 오브젝트 배열 사용.

~/.config/zed/settings.json
{
  "context_servers": {
    "awesome-claude-skills-security": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/Eyadkelleh/awesome-claude-skills-security"
        ]
      }
    }
  }
}

context_servers에 추가. 저장 시 Zed가 핫 리로드.

claude mcp add awesome-claude-skills-security -- TODO 'See README: https://github.com/Eyadkelleh/awesome-claude-skills-security'

한 줄 명령. claude mcp list로 확인, claude mcp remove로 제거.

사용 사례

실전 활용법: awesome-claude-skills-security

How to test for SQL injection in a CTF challenge with security skills

👤 CTF participants and security students ⏱ ~20 min intermediate

언제 쓸까: You encounter a web challenge that may be vulnerable to SQL injection in a CTF competition.

사전 조건
  • Security skills installed — /plugin marketplace add Eyadkelleh/awesome-claude-skills-security
  • Target is a CTF challenge you are authorized to test — Ensure you have explicit authorization
흐름
  1. Invoke the SQLi test command
    /sqli-test — I have a login form at http://ctf-challenge.local/login. Help me test it for SQL injection vulnerabilities.✓ 복사됨
    → Claude provides relevant SQLi payloads from SecLists and testing strategy
  2. Analyze results
    The server returned a 500 error with 'OR 1=1. What does this indicate and what should I try next?✓ 복사됨
    → Explanation of the vulnerability type and escalation approach

결과: Identified SQL injection vector with exploitation path for the CTF flag.

함정
  • Testing against unauthorized targets — Only use these skills on systems you own or have written authorization to test

Scan a codebase for exposed API keys and credentials

👤 Security engineers performing code reviews ⏱ ~10 min beginner

언제 쓸까: You want to audit a codebase for accidentally committed secrets.

사전 조건
  • Security skills installed — /plugin install security-fuzzing@awesome-security-skills
흐름
  1. Run the API key scan
    /api-keys — Scan the current project directory for exposed API keys, tokens, and credentials.✓ 복사됨
    → List of files and patterns matching known credential formats

결과: Report of exposed credentials that need to be rotated and removed.

함정
  • False positives from test fixtures — Exclude test directories and known fixture files from the scan
함께 쓰기: filesystem

조합

다른 MCP와 조합해 10배 효율

awesome-claude-skills-security + filesystem

Scan project files for exposed secrets and automatically create .gitignore entries

Scan this project for exposed API keys, then add any sensitive files to .gitignore.✓ 복사됨

도구

이 MCP가 노출하는 것

도구입력언제 호출비용
/sqli-test target description Testing for SQL injection vulnerabilities in authorized environments 0
/xss-test target description Testing for cross-site scripting in authorized environments 0
/wordlist wordlist type Need password or directory wordlists for testing 0
/webshell-detect file or directory Checking for web shells in a compromised server 0
/api-keys directory to scan Auditing code for accidentally committed secrets 0

비용 및 제한

운영 비용

API 쿼터
N/A — all resources are local
호출당 토큰
500–3000 tokens depending on payload lists loaded
금액
Free
Load specific wordlists on demand rather than all categories at once.

보안

권한, 시크릿, 파급범위

자격 증명 저장: N/A — no external credentials needed
데이터 외부 송신: All processing is local — no external network calls

문제 해결

자주 발생하는 오류와 해결

Slash command not recognized

Ensure the security skills plugin is installed correctly. Try reinstalling with /plugin marketplace add.

확인: /plugin list
Wordlist too large for context

Request specific subsets (e.g., 'top 100 SQL payloads') instead of loading entire wordlists.

False positives in API key scan

Exclude test fixtures and example files. Provide specific file patterns to scan.

대안

awesome-claude-skills-security 다른 것과 비교

대안언제 쓰나단점/장점
hexstrike-aiYou need active security tools (nmap, nuclei, sqlmap) rather than wordlists and payloadsActive scanning vs passive payload lists

더 보기

리소스

📖 GitHub에서 공식 README 읽기

🐙 열린 이슈 보기

🔍 400+ MCP 서버 및 Skills 전체 보기