Your AI agent improvises. We make it execute.
The #1 open source toolkit purpose-built for AI security agents
The first complete, community-built toolkit for AI security agents. Not a scanner. Not a platform. The methodology layer that turns your AI agent into an expert practitioner overnight. Skills that encode exactly how senior pentesters think. Contexts that prime your agent before every engagement. Live bug bounty scope and disclosed reports from five platforms — all inside your agent before the first prompt. Stop letting your agent guess. Start letting it execute.
34 skills
Covering every phase of a security engagement — from scoping to final report
5 platforms, live scope
HackerOne, Intigriti, YesWeHack, Bugcrowd, Immunefi — inside your agent before the first prompt.
Zero setup. Any agent.
MIT licensed. No account. No config. Works with Claude Code, Cursor, Windsurf, and more.
Proven by real numbers
These are real benchmark results — same prompt, same model, skill on vs. skill off:

| | Without Skill | With Skill |
|---|---|---|
| IDOR findings on the same target | 5 | 11 (+120%) |
| Time to complete XSS hunt | 8 min | 2 min (-75%) |
| SSRF result quality | False positives | Confirmed exploit |
| Turns to complete JWT test | 3 | 1 (-67%) |
| Scope collection time | 43s | 4s (-90%) |
★ Featured resources
The best-performing skills and context in the hub — ranked by real benchmark data, not votes.
Skills

| Skill | Headline result | Category |
|---|---|---|
| IDOR Hunter ★ | +120% more findings on the same target | API Security |
| XSS Hunter ★ | -75% time to complete a hunt, +29% more coverage | Web Application |
| HexStrike Forge ★ | 0 → 2 confirmed findings per session | Integrations |
| CVSS Scorer ★ | -63% tokens, -68% time — same score, zero noise | Reporting |

| Context | What it gives your agent | Install |
|---|---|---|
| Scope to Bounty ★ | Live scope from HackerOne, Intigriti, YesWeHack, Bugcrowd, Immunefi + disclosed reports | rifteo-context install |
★ = benchmarked top performer. See all results →
The problem with AI agents and security work
Ask an agent to hunt for IDOR bugs. It improvises. It misses verb inconsistency checks, skips GraphQL object exposure, never tests parameter pollution. You re-prompt five times, burn 3× the tokens, and still get an incomplete result. The agent is not the problem. The missing methodology is.
What’s in the Community Hub?

| Resource | Description |
|---|---|
| Skills | 34 reusable methodology units for pentesting, bug bounty, compliance, and reporting |
| Scripts | Automation scripts that support skill execution: scanners, payload generators, report parsers |
| Contexts | Engagement-specific knowledge bases for web app pentest, cloud audit, code audit, and more |
One command away
Built by the community. Trusted by practitioners.
Every skill, context, and tool in this hub was contributed, benchmarked, and peer-reviewed by security professionals. No theoretical exercises — every methodology has been run against real targets and measured against the alternative of flying blind. If a resource doesn’t perform better than an agent without it, it doesn’t ship.
Claude Code slash commands
Install any skill for Claude Code and get six slash commands that work in every session — no skill loaded required:

| Command | What it does |
|---|---|
| /rifteo:triage | 7-question pre-submission gate — outputs GO, KILL, or DOWNGRADE with evidence |
| /rifteo:chain | Given a confirmed finding, checks for companion bugs to escalate severity |
| /rifteo:report | Writes a submission-ready bug bounty report: title, steps, PoC, impact, remediation |
| /rifteo:hunt | Launches a structured 7-phase engagement workflow on a target |
| /rifteo:intel | Pulls CVEs, GitHub advisories, and HackerOne hacktivity for any named technology |
| /rifteo:setup | Audits your Rifteo install and gives exact setup steps for anything missing |
Get started
Add your first skill
Set up Rifteo and run your first skill in under 5 minutes
Browse all 34 skills
Explore the full library across 8 categories
See the numbers
Real benchmark results — skill on vs. skill off
Contribute
Add your methodology to the community library

