Claude-BugHunter is a skill bundle for Claude Code designed for bug hunting, pentesting, and red-team operations. It includes a large collection of skills, slash commands, and vulnerability report patterns, specifically tailored for AI security and offensive security tasks. The project aims to augment AI models like Claude for security analysis and reporting.
A starter prompt for Claude Code, what you'll need, and how to reach them.
You are an expert full-stack developer. I need you to build an MVP for a 'Claude-BugHunter' platform. This platform will allow users to define and run 'skill bundles' for AI-assisted bug hunting using Claude. Use Next.js 16 App Router, React 19, Tailwind v4 for the UI, and AI SDK v6 with Gemini for AI integration (though the prompt specifies Claude, use Gemini for the initial prototype as it's the house stack). Use Neon Postgres on Vercel for persistence.

**Core Requirements for MVP:**

1. **Skill Definition UI:** Create a web interface where users can define a 'skill' by giving it a name, a description, and a set of instructions (similar to a detailed prompt). Allow for optional 'slash commands' (e.g., /scan_xss, /check_sqli) that map to specific instructions.
2. **Vulnerability Pattern Management:** Implement a simple CRUD interface for managing 'vulnerability patterns'. Each pattern should have a name (e.g., 'XSS via Reflected Input'), a description, and example 'disclosure report excerpts' that the AI can reference.
3. **Basic Execution Flow:** Create a page where a user can select a defined 'skill' and provide a target (e.g., code snippet, URL endpoint). The system should then send the skill's instructions, along with the target context and relevant vulnerability patterns, to the AI model and display the AI's response.
4. **Persistence:** Store defined skills and vulnerability patterns in a Neon Postgres database.

**MVP Slice:** Focus on enabling users to define ONE skill and ~5 vulnerability patterns, and execute that skill against a simple text input (e.g., a mock code snippet) to demonstrate the AI interaction. Do not worry about real-world scanning or complex integrations initially. The AI interaction should simulate how Claude would apply the skill/patterns to identify potential issues and suggest report elements.

**Build/Verify Gate:** The application should run locally. Users can define a new skill and a vulnerability pattern. When executing the skill, the AI SDK should successfully send the combined prompt (skill instructions + target text + pattern examples) to Gemini and display the raw response.
Reach out to the AI security community and developers interested in extending LLM capabilities, highlighting how Lumivara's MCP server and agent evaluation tools can help build more robust and testable AI security agents.
A Claude Code skill bundle for bug hunting and external red-team work - 51 skills, 15 slash commands, 681 disclosed-report patterns curated across 24 vulnerability classes, plus enterprise identity + infrastructure attack matrices. Topics: ai-security, anthropic, application-security, bug-bounty, bugbounty, bugcrowd, claude, claude-code, claude-skills, ethical-hacking, hackerone, offensive-security, pentesting, red-team, security-tools, web-security.
Open a new issue or discussion on the GitHub repository, or if an email is visible, send a direct email.
“I'm a solo operator who's built a prototype for an AI-powered bug-hunting skill bundle, inspired by your Claude-BugHunter project. I've focused on composable skills and patterns for web security; would you be open to a demo and discussing collaboration or integration ideas?”