● Community rhysha ⚡ Instant

claude-security-research-skill

Name: claude-security-research-skill MCP Server
Author: rhysha

by rhysha · rhysha/claude-security-research-skill

Skipped: offensive-security scope (recon, vulnerability scanning, bug bounty) is outside this catalog's safety policy.

This skill orchestrates reconnaissance, vulnerability scanning, and bug-bounty-style workflows. Per the catalog's safety rules, we do not document tooling intended for offensive security / pentest use. For defensive workflows (threat modeling, IaC audits, dependency CVE triage) see security-skill instead.

▶ Watch demo 📦 Install

Live Demo

What it looks like in practice

ready

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "claude-security-research-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/rhysha/claude-security-research-skill",
        "~/.claude/skills/claude-security-research-skill"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "claude-security-research-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/rhysha/claude-security-research-skill",
        "~/.claude/skills/claude-security-research-skill"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "claude-security-research-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/rhysha/claude-security-research-skill",
        "~/.claude/skills/claude-security-research-skill"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "claude-security-research-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/rhysha/claude-security-research-skill",
        "~/.claude/skills/claude-security-research-skill"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "claude-security-research-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/rhysha/claude-security-research-skill",
        "~/.claude/skills/claude-security-research-skill"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json

{
  "context_servers": {
    "claude-security-research-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/rhysha/claude-security-research-skill",
          "~/.claude/skills/claude-security-research-skill"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add claude-security-research-skill -- git clone https://github.com/rhysha/claude-security-research-skill ~/.claude/skills/claude-security-research-skill

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Security

Permissions, secrets, blast radius

Not documented here per catalog safety policy against offensive-security / pentest tooling.

Alternatives