Bb Local Toolkit includes a dedicated installation section; pricing or quota commentary; 57 code blocks for direct copy-paste. At roughly 10,473 words the SKILL.md is on the longer end of the catalog distribution.
Bb Local Toolkit sits in the Security category under the web-security sub-topic in the ClaudSkills catalog. There are 10 related skills indexed alongside it; comparing a few before installing usually reveals which fits your workflow best.
These notes are auto-generated from features detected in the SKILL.md file and from this catalog's structure — they aren't part of the source repository.
From the source SKILL.md
Full pipeline: Recon -> Learn -> Hunt -> Validate -> Report. One skill for everything.
What this skill does
Bb Local Toolkit is a community-contributed Claude Code skill in the web-security sub-category. It ships as a SKILL.md file that Claude Code auto-discovers under ~/.claude/skills/bb-local-toolkit/ and loads when your prompt matches the skill's trigger.
Who uses this skill
The Bb Local Toolkit Claude Code skill is built for security engineers, penetration testers, DevSecOps practitioners, and development teams hardening codebases and infrastructure. It's part of ClaudSkills (also referred to as Claude Skills or Claude Code Skills) — the open community-curated registry of 115,000+ SKILL.md files for Anthropic's Claude Code agent and the wider Claude ecosystem (Claude API, Claude Agent SDK).
Or just download SKILL.md directly and drop it into ~/.claude/skills/bb-local-toolkit/. Claude Code auto-discovers it on next session.
Skills live at ~/.claude/skills/bb-local-toolkit/SKILL.md on macOS/Linux, or %USERPROFILE%\.claude\skills\bb-local-toolkit\SKILL.md on Windows. See the full install guide for step-by-step instructions.
Telegram
📱 Install from your phone or desktop Telegram
Open @claudskills_bot on Telegram, tap Open Desktop App, and the desktop app installs this skill for you. Or share the bot link with a colleague — they get the same one-tap install. Learn more →
Pro
One-click install via the desktop app
The ClaudSkills desktop app installs any skill directly into ~/.claude/skills/ with one click — no terminal required. Pro starts at $9/mo or $149 lifetime.
Pro
For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.
How do I install the Bb Local Toolkit Claude Code skill?
Install via the ClaudSkills desktop app (one click) or copy SKILL.md from the source repository to ~/.claude/skills/bb-local-toolkit/SKILL.md and restart Claude Code. Both flows are detailed at claudskills.com/install/.
What does the Bb Local Toolkit skill do?
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Is this skill free to install?
Yes. ClaudSkills is an open registry — every skill keeps its source repository's license, and manual install via copy is free. ClaudSkills Pro ($9/mo, $79/yr, or $149 one-time) adds one-click install via the desktop app and a multi-signal Quality Score.
When should I use the Bb Local Toolkit skill?
Use Bb Local Toolkit when your Claude Code task falls under the Security category — specifically in the web security area. Claude Code auto-discovers installed skills and invokes the right one based on the task description, so you can also ask Claude directly (e.g. "use Bb Local Toolkit" or describe the task and let Claude pick). Browse related skills at /category/security/.
What is a Claude Code skill and how does the Bb Local Toolkit skill fit in?
A Claude Code skill is a SKILL.md file that lives under ~/.claude/skills/<name>/ and tells the Claude Code CLI agent how to perform a specific task (instructions, prompts, allowed tools). Skills are auto-discovered at session start. Bb Local Toolkit is one of 67,000+ skills indexed in the open ClaudSkills catalog, classified under the Security category. Learn more at /learn/what-is-a-claude-skill/.
If you reference this skill in a blog post, paper, or documentation, you can cite it as:
APA
elementalsouls. (2026). Bb Local Toolkit [Claude Code skill]. ClaudSkills. https://claudskills.com/skills/bb-local-toolkit/
BibTeX
@misc{bb-local-toolkit-2026,
author = {elementalsouls},
title = {Bb Local Toolkit [Claude Code skill]},
year = {2026},
publisher = {ClaudSkills},
url = {https://claudskills.com/skills/bb-local-toolkit/}
}
Embed this skill
Promote, attribute, or link this skill from your own README, blog post, or documentation. All three snippets are free to use — no sign-up, no API key. More distribution surfaces →
<iframe src="https://claudskills.com/embed/bb-local-toolkit.html" width="100%" height="160" frameborder="0" loading="lazy" title="ClaudSkills: Bb Local Toolkit"></iframe>
Security scan
Grade C · scanned 2026-06-13 — free static scan against the OWASP Agentic Skills Top 10.
The scan flagged 5 of 10 categories (data-exfil, execution, filesystem, network, prompt-injection), including a high-severity pattern. Patterns shown inside code fences are weighted as examples rather than instructions — read the grading methodology for what this does and does not guarantee.
Claude™ is a trademark of Anthropic PBC. ClaudSkills (also referred to as Claude Skills or Claude Code Skills Catalog) is an independent community-curated registry of SKILL.md files, not affiliated with, endorsed by, or sponsored by Anthropic.
Install ClaudSkills — browse 70k+ skills offline, one tap from your home screen.