How does this toolkit interact with target URLs?

The toolkit uses Python scripts executed via 'uv run' to perform non-interactive scans, discovery, and testing, returning all results in structured JSON for the AI agent to interpret.

Is it safe to use this on any website?

No, this toolkit should only be used on systems you own or have explicit written authorization to test. Penetration testing can be resource-intensive and may impact service stability.

Does it require manual configuration for each scan?

No, the scripts are specifically designed for autonomous execution by AI agents, requiring only a target URL or IP to begin the discovery and testing process.

What kind of vulnerabilities can this skill detect?

It specializes in detecting SQL injection (Union, Boolean, Time-based), Cross-Site Scripting (XSS), endpoint enumeration flaws, and business logic vulnerabilities through pattern recognition.

Why is 'uv' required for the scripts to run?

The toolkit uses 'uv' for high-performance Python dependency management, ensuring that all security scripts have the necessary libraries available without manual installation steps.

AI Security & Pentesting Toolkit

Name: AI Security & Pentesting Toolkit
Author: nibzard

bynibzard

0•

セキュリティとテスト

Conducts automated security audits and penetration tests using AI-driven discovery, vulnerability scanning, and structured analysis.

The AI Security & Pentesting Toolkit is a professional-grade suite designed to empower Claude and other AI agents to perform comprehensive security assessments. It provides a specialized set of scripts for endpoint discovery, port scanning, and vulnerability testing for SQL injection and XSS, all while delivering structured JSON output for seamless agent consumption. This skill is ideal for developers and security researchers who need to automate attack surface mapping and business logic analysis without manual intervention, ensuring a rigorous and repeatable security posture through context-aware test generation.

主な機能

01Automated API and application structure discovery without source code access

02Context-aware security test generation based on discovered application patterns

030 GitHub stars

04Comprehensive security report generation in both Markdown and JSON formats

05Intelligent SQL injection and XSS vulnerability scanning with multiple techniques

06Structured JSON output for all scripts to facilitate automated agent-led workflows

ユースケース

01Identifying complex business logic vulnerabilities through automated pattern analysis

02Automated security auditing of new API endpoints during the development lifecycle

03Mapping the attack surface of undocumented legacy applications for security hardening

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nibzard/skills-marketplace pentest-toolkit

For use in Claude.ai and ChatGPT

Download Skill