ClaudSkills / Security / red-team

Pentest

Quality score: 70/100  ·  Category: Security  ·  Sub-category: red-team
Static-analysis penetration test that hunts for exploitable vulnerabilities with proof-of-concept payloads and fix code. Covers SQL and NoSQL injection (string concatenation, raw queries, operator injection), XSS (reflected, stored, DOM-based, template injection, dangerouslySetInnerHTML), authentication bypass (missing auth middleware, JWT algorithm confusion, predictable tokens, OAuth state CSRF), authorization flaws (IDOR, mass assignment, horizontal/vertical privilege escalation), path traversal and file inclusion (unsanitized file paths, upload validation, LFI), command injection (exec, system, subprocess with user input), CSRF and SSRF (missing SameSite, user-supplied URLs, open redirects), hardcoded secrets (AWS keys, private keys, JWT secrets, connection strings, .env in git), and insecure deserialization (pickle, yaml.load, XXE, ObjectInputStream). Maps full attack surface with route inventory. Use for pre-release security validation, finding exploitable bugs, or generating penetration test evidence.

What this skill does

Pentest is a production-ready Claude Code skill (quality score 70/100) in the red-team sub-category. It ships as a SKILL.md file that Claude Code auto-discovers under ~/.claude/skills/pentest/ and loads when your prompt matches the skill's trigger.

Who uses this skill

The Pentest skill is built for security engineers, penetration testers, DevSecOps practitioners, and development teams hardening codebases and infrastructure. It is part of the open ClaudSkills registry, a community-curated catalog of 15,000+ capabilities you can install for Claude Code — the Claude CLI agent.

How to install

Free

Manual install (2 steps)

mkdir -p ~/.claude/skills/pentest
curl -L https://claudskills.com/skills/pentest/SKILL.md \
  -o ~/.claude/skills/pentest/SKILL.md

Or just download SKILL.md directly and drop it into ~/.claude/skills/pentest/. Claude Code auto-discovers it on next session.

Skills live at ~/.claude/skills/pentest/SKILL.md on macOS/Linux, or %USERPROFILE%\.claude\skills\pentest\SKILL.md on Windows. See the full install guide for step-by-step instructions.

Pro

One-click install via the desktop app

The ClaudSkills desktop app installs any skill directly into ~/.claude/skills/ with one click — no terminal required. Pro starts at $9/mo or $149 lifetime.

More Security skills

Browse all Security skills in the ClaudSkills registry, or explore these top-rated picks from the same category:

Browse all Security skills → Top 100 skills
Part of ClaudSkills — the open registry for Claude Code skills.  ·  What's New  ·  Install guide  ·  About  ·  llms.txt

Part of Acreator Store — Adam Lankamer's AI tools: GifPerfect · AspectPerfect · SlomoPerfect · Ucaption · UTagger · AutoXPoster · TestYourSkills