api-server-mcp
vmain
io.github.xberg-io/xberg/api-server-mcp
REST API server and MCP protocol integration
io.github.shuvonsec/claude-bug-bounty/mobile-pentest · vmain
Mobile app pentest for bug bounty (Android APK + iOS IPA) — runtime-first workflow: install app, proxy through Burp/mitmproxy, drive the UI, capture packets, then test the API exactly like a web target; escalate to decompile (apktool/jadx) and Frida/objection only when traffic is SSL-pinned, encrypted, or absent. Covers APK/IPA decompile for hardcoded secrets + hidden API endpoints + base URLs the web app never exposes, exported-activity and deeplink intent injection, WebView addJavascriptInterface bridge abuse, SSL pinning bypass (objection patchapk / Frida CertificatePinner + checkServerTrusted hooks), OkHttp interceptor chain to recover request signing, JNI native-lib triage, and the quick apktool/grep secret + endpoint sweep. Use when the program scope includes a mobile app, when web recon dries up and you need a fresh attack surface, or when traffic is pinned and you must MitM it.
热度数据
mobile-pentest 是一个Agent Skill,收录自 SkillsMP。本页提供 Cursor、Claude Code 等客户端的安装配置片段。
Agent Skill 是带 SKILL.md 的指令包。安装后,AI 会根据 description 在匹配任务时自动加载,无需每次手动粘贴提示词。
选择你的平台查看安装方式
选择安装方式
# 改 -a 切换客户端:cursor | claude-code | codex | github-copilot
npx skills add shuvonsec/claude-bug-bounty@mobile-pentest -a cursor -y安装完成后,在对话中直接描述你的任务(或提及技能名称)。Agent 会先读取 SKILL.md 的 description 判断是否启用,再按其中的步骤执行。可用 /skills(Claude Code)或在设置中查看已加载的 Skills。
vmain
io.github.xberg-io/xberg/api-server-mcp
REST API server and MCP protocol integration
vmain
io.github.UitbreidenOS/UitKit/css-resets-initial-layout-structures
Guidelines and instructions for CSS resets initial layout structures
vmain
io.github.khalilbenaz/claude-skills-collection/css-layout-solver
Résout les problèmes de layout CSS avec Flexbox, Grid et techniques modernes. Se déclenche avec "CSS", "layout", "Flexbox", "Grid", "centrer", "aligner", "responsive", "mon layout est cassé", "overflow", "z-index".
vmain
io.github.zekdevs/pi-config/kubernetes-debug
Inspect pod logs, analyze resource quotas, trace network policies, check deployment rollout status, and run cluster health checks for Kubernetes. Use this skill when diagnosing Kubernetes cluster issues, debugging failing pods, investigating network connectivity problems, analyzing resource usage, troubleshooting deployments, or performing cluster health checks.
vdev
io.github.ethereum/ethereum-org-website/design-system
Use when building, refactoring, or styling any UI in the ethereum.org Next.js site (`src/components/`, `app/`, `src/styles/`, `public/content/`, or any `.tsx`/`.mdx`/`.css` change that affects the rendered UI). Provides canonical component choices, design tokens, RTL/i18n rules, server/client guidance, and the "use a variant, not a new component" pattern for the project's Tailwind v4 + Radix + shadcn-style design system.
vmaster
io.github.PostHog/posthog/writing-skills
Guide for writing PostHog agent skills — job-to-be-done templates that teach agents how to use MCP tools to achieve a goal. Use when adding new product functionality that agents should know how to work with, creating a new skill, or updating existing skills in products/*/skills/.
{
"id": "io.github.shuvonsec/claude-bug-bounty/mobile-pentest",
"type": "skill",
"version": "main",
"displayName": "mobile-pentest",
"description": "Mobile app pentest for bug bounty (Android APK + iOS IPA) — runtime-first workflow: install app, proxy through Burp/mitmproxy, drive the UI, capture packets, then test the API exactly like a web target; escalate to decompile (apktool/jadx) and Frida/objection only when traffic is SSL-pinned, encrypted, or absent. Covers APK/IPA decompile for hardcoded secrets + hidden API endpoints + base URLs the web app never exposes, exported-activity and deeplink intent injection, WebView addJavascriptInterface bridge abuse, SSL pinning bypass (objection patchapk / Frida CertificatePinner + checkServerTrusted hooks), OkHttp interceptor chain to recover request signing, JNI native-lib triage, and the quick apktool/grep secret + endpoint sweep. Use when the program scope includes a mobile app, when web recon dries up and you need a fresh attack surface, or when traffic is pinned and you must MitM it.",
"author": {
"name": "shuvonsec",
"url": "https://github.com/shuvonsec"
},
"repository": {
"url": "https://github.com/shuvonsec/claude-bug-bounty",
"source": "github",
"subfolder": "skills/mobile-pentest"
},
"homepage": "https://skillsmp.com/creators/shuvonsec/claude-bug-bounty/skills-mobile-pentest",
"distribution": {
"packages": [
{
"registryType": "source",
"identifier": "shuvonsec/claude-bug-bounty@mobile-pentest",
"version": "main",
"runtimeHint": "npx skills add"
}
],
"remotes": []
},
"dependencies": [],
"installTargets": [
"claude-code",
"claude-desktop",
"cursor",
"codex",
"vscode"
],
"keywords": [
"repo_stars:3500"
],
"provenance": {
"origin": "skillsmp",
"originalId": "shuvonsec-claude-bug-bounty-skills-mobile-pentest-skill-md",
"originalUrl": "https://skillsmp.com/creators/shuvonsec/claude-bug-bounty/skills-mobile-pentest",
"isOfficial": false,
"status": "active"
}
}