Does it provide theoretical reports or actual exploits?

This skill focuses on offensive validation, meaning it provides functional proof-of-concept (PoC) steps and commands to demonstrate exactly how a vulnerability can be exploited.

Can it test modern cloud-native and serverless stacks?

Yes, it includes specialized context for testing Supabase RLS policies, Next.js server actions, Vercel preview deployments, and Stripe payment integrations.

What frameworks does this skill follow?

The Offensive Security Engineer skill adheres to the Penetration Testing Execution Standard (PTES), the OWASP Testing Guide, and the MITRE ATT&CK framework for adversary emulation.

Is this skill safe to use in a production environment?

The skill includes strict rules requiring explicit authorization and recommends testing in staging or development environments first to prevent accidental service disruption.

Offensive Security Engineer

Name: Offensive Security Engineer
Author: coreymaypray

bycoreymaypray

0•

Security & Testing

Conducts red team assessments and penetration tests to identify, exploit, and validate security vulnerabilities with working proof-of-concepts.

The Offensive Security Engineer skill transforms Claude into an adversarial expert capable of simulating real-world attacks across web applications, APIs, and cloud infrastructure. By adhering to industry-standard frameworks like PTES and OWASP, it moves beyond theoretical scanning to provide actionable, manual validation and exploit chaining—specifically targeting modern stacks like Supabase, Next.js, and Stripe. This skill is essential for teams needing to prove risk impact through functional PoCs, map threats to the MITRE ATT&CK framework, and ensure remediation efforts are effectively validated against actual attack vectors.

Key Features

01Specialized security testing for Supabase RLS, Stripe payments, and Expo bundles

02Development of functional proof-of-concept (PoC) exploits for vulnerability validation

030 GitHub stars

04End-to-end penetration testing following OWASP and PTES standards

05Vulnerability chaining to demonstrate complex, multi-stage attack paths

06Adversary emulation mapped to MITRE ATT&CK techniques and threat actor TTPs

Use Cases

01Validating whether a series of low-severity findings can be chained into a critical data breach

02Auditing Supabase Row Level Security (RLS) policies and Edge Function authentication flaws

03Simulating adversary behavior to test the detection and response capabilities of a SOC team

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add coreymaypray/sloth-skill-tree offensive-security-engineer

For use in Claude.ai and ChatGPT

Key Features

01Specialized security testing for Supabase RLS, Stripe payments, and Expo bundles

02Development of functional proof-of-concept (PoC) exploits for vulnerability validation

030 GitHub stars

04End-to-end penetration testing following OWASP and PTES standards

05Vulnerability chaining to demonstrate complex, multi-stage attack paths

06Adversary emulation mapped to MITRE ATT&CK techniques and threat actor TTPs

Use Cases

01Validating whether a series of low-severity findings can be chained into a critical data breach

02Auditing Supabase Row Level Security (RLS) policies and Edge Function authentication flaws

03Simulating adversary behavior to test the detection and response capabilities of a SOC team