Does the skill automatically execute the PoC?

No, the skill identifies and formats the command for your review. For safety and control, you must execute the extracted command in your own authorized testing environment.

Is this based on the Fabric project?

Yes, this skill is an implementation of the extract_poc pattern from Daniel Miessler's Fabric project, ported for use within Claude Code.

Does it only extract URLs?

No, it extracts the URL along with the specific command needed to invoke it, such as curl commands with custom headers or specific script execution paths.

What types of security reports does this skill work with?

It is designed to work with bug bounty submissions, security disclosures, and technical vulnerability write-ups that contain technical reproduction steps.

Security PoC Extractor

Name: Security PoC Extractor
Author: bdmorin

bybdmorin

•

Security & Testing

Extracts actionable Proof of Concept (PoC) URLs and validation commands from security reports and bug bounty submissions.

The Security PoC Extractor is a specialized tool for security researchers and bug bounty hunters that automates the identification and extraction of vulnerability validation data. By parsing complex security reports, it isolates the specific Proof of Concept (PoC) URLs and the exact commands—such as curl requests with specific headers or Python scripts—needed to reproduce a finding. This skill streamlines the triage process, allowing teams to quickly verify security vulnerabilities without manually digging through report text for reproduction steps.

Key Features

01Identifies required headers, methods, and parameters for exploitation

02Automatic extraction of PoC URLs from technical security reports

031 GitHub stars

04Generates ready-to-use validation commands like curl and python

05Supports various vulnerability formats and validation methods

06Standardizes security findings into executable reproduction steps

Use Cases

01Developers verifying security patches by running extracted reproduction commands

02Triage teams rapidly validating incoming bug bounty submissions

03Security researchers reproducing vulnerabilities from public disclosure reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bdmorin/the-no-shop extract-poc

For use in Claude.ai and ChatGPT