How do I install the Oss Bucket Exploit Claude Code skill?

Install via the ClaudSkills desktop app (one click) or copy SKILL.md from the source repository to ~/.claude/skills/oss-bucket-exploit/SKILL.md and restart Claude Code. Both flows are detailed at https://claudskills.com/install/.

Is this skill free to install?

Yes. ClaudSkills is an open registry — every skill keeps its source repository's license, and manual install via copy is free. ClaudSkills Pro ($9/mo, $79/yr, or $149 one-time) adds one-click install via the desktop app and a multi-signal Quality Score.

ClaudSkills / Security / red-team

Oss Bucket Exploit

Category: Security · Sub-category: red-team · Last updated: 2026-05-22

cloud:aws

对象存储（S3/OSS/COS/OBS）Bucket 误配利用。当发现 AWS S3、阿里云 OSS、腾讯云 COS、华为云 OBS 等对象存储服务，或在 HTTP 响应中看到 x-amz-*、x-oss-*、x-cos-* 等 Header 时使用。覆盖 Bucket 枚举、ACL 误配检测、公开读写利用、Bucket 接管、Object 遍历、任意文件上传、Policy 策略滥用。发现任何云存储桶相关的资产或 URL（*.s3.amazonaws.com、*.oss-cn-*.aliyuncs.com、*.cos.*.myqcloud.com 等）都应使用此技能。优先使用 coscli/tccli 操作腾讯云 COS，awscli 操作 AWS S3

From the source SKILL.md

对象存储是云上最常见的暴露面——Bucket 一旦配置公开读写，就等于把文件服务器直接暴露在互联网上。更危险的是 ACL 误配可以让攻击者接管整个 Bucket，进行钓鱼、供应链投毒、数据窃取。

What this skill does

Oss Bucket Exploit is a community-contributed Claude Code skill in the red-team sub-category. It ships as a SKILL.md file that Claude Code auto-discovers under ~/.claude/skills/oss-bucket-exploit/ and loads when your prompt matches the skill's trigger.

Who uses this skill

The Oss Bucket Exploit Claude Code skill is built for security engineers, penetration testers, DevSecOps practitioners, and development teams hardening codebases and infrastructure. It's part of ClaudSkills (also referred to as Claude Skills or Claude Code Skills) — the open community-curated registry of 69,000+ SKILL.md files for Anthropic's Claude Code agent and the wider Claude ecosystem (Claude API, Claude Agent SDK).

How to install

Free

Manual install (2 steps)

mkdir -p ~/.claude/skills/oss-bucket-exploit
curl -L https://claudskills.com/skills/oss-bucket-exploit/SKILL.md \
  -o ~/.claude/skills/oss-bucket-exploit/SKILL.md

Or just download SKILL.md directly and drop it into ~/.claude/skills/oss-bucket-exploit/. Claude Code auto-discovers it on next session.

Skills live at ~/.claude/skills/oss-bucket-exploit/SKILL.md on macOS/Linux, or %USERPROFILE%\.claude\skills\oss-bucket-exploit\SKILL.md on Windows. See the full install guide for step-by-step instructions.

Pro

One-click install via the desktop app

The ClaudSkills desktop app installs any skill directly into ~/.claude/skills/ with one click — no terminal required. Pro starts at $9/mo or $149 lifetime.

Pro

For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.

See pricing → Download desktop app

Attribution & license

Source: https://github.com/wgpsec/AboutSecurity/blob/a7ae92e215106d4f535aac574873b557970dc516/skills/cloud/oss-bucket-exploit/SKILL.md
Author: wgpsec

More Security skills

Browse all Security skills in the ClaudSkills registry, or explore these other picks from the same category:

Browse all Security skills → Top 100 skills

Part of ClaudSkills — the open registry for Claude Skills & Claude Code Skills. · What's New · Install guide · About · llms.txt

Part of Acreator Store — Adam Lankamer's AI tools: PerfectStudio · Ucaption · UTagger · AutoXPoster · TestYourSkills · AutomationFlows · Au Naturel

Oss Bucket Exploit

From the source SKILL.md

What this skill does

Who uses this skill

How to install

Manual install (2 steps)

One-click install via the desktop app

Attribution & license

More Security skills

Categories

Use cases

Popular tags

Learn

Site