Stop improvising. Start executing.

Rifteo skills are the methodology layer your AI agent is missing. Each skill encodes the exact steps, bypass techniques, and output formats that expert practitioners use so your agent delivers complete, structured results from the first prompt.

34 skills

Web, API, infrastructure, compliance, attack mindset, and reporting: every phase covered

★ Top 5 benchmarked

Community-selected best performers, proven by real benchmark data

One command install

`rifteo-skills add <skill>`: no config, no account
★ marks the top 5 skills by benchmark performance. See the full benchmark results →

Top skills right now

Ranked by benchmark performance — real numbers, same model, skill on vs. skill off:
| Skill | Headline Result | Category |
| --- | --- | --- |
| IDOR Hunter ★ | +120% more findings on the same target | API Security |
| XSS Hunter ★ | -75% time to complete a hunt, +29% more coverage | Web Application |
| SSRF Hunter ★ | False positives → confirmed exploits | Infrastructure |
| HexStrike Forge ★ | 0 → 2 confirmed findings per session | Integrations |
See full benchmark report →

What is a skill?

A skill is a self-contained instruction file that teaches an AI agent a specific security or compliance methodology. Each skill:
  • Defines precise trigger conditions: when the agent should activate it
  • Provides a step-by-step methodology the agent follows
  • Specifies the exact output format to produce
  • Includes rules and guardrails to prevent incorrect behavior
Skills are not code modules; they are structured prompts that encode expert knowledge. The agent reads the SKILL.md, understands when to apply it, and executes the methodology against whatever the user provides.

Available skills

Web Application

| Skill | What it does |
| --- | --- |
| XSS Hunter ★ | Full XSS methodology: reflected, stored, DOM, filter bypass, CSP evasion, mXSS |
| IDOR Hunter ★ | Systematic IDOR and BOLA detection with multi-account testing and bypass techniques |
| XXE Phantom | XXE injection: file read, blind OOB, SSRF chaining, SVG and XLSX vectors |
| SSTI Hunter | Server-side template injection with engine fingerprinting and RCE exploitation |
| JS Analyzer | JavaScript analysis for secrets, endpoints, sinks, and prototype pollution |
| HPP Hunter | HTTP parameter pollution detection and exploitation |
| Clickjacking Hunter | Clickjacking detection and PoC generation |
| Redirect Forge | Open redirect discovery and OAuth code theft chaining |

API Security

| Skill | What it does |
| --- | --- |
| IDOR Hunter ★ | See Web Application — also covers API BOLA and object-level auth bypass |
| JWT Cracker | JWT attacks: alg:none, weak secret brute-force, RS256 to HS256, kid injection |

Infrastructure

| Skill | What it does |
| --- | --- |
| SSRF Hunter ★ | SSRF detection and exploitation; turns false positives into confirmed exploits |
| Nuclei Template Writer | Writes production-ready Nuclei templates from vulnerability descriptions |
| Check Exploit | Checks if a CVE has a public exploit and assesses exploitability |

Reconnaissance

| Skill | What it does |
| --- | --- |
| Scope Grill | Validates and clarifies engagement scope before any testing begins |
| Attack Surface | Maps the full attack surface of a target before testing begins |
| Vuln Diagnose | Diagnoses ambiguous or incomplete vulnerability reports |

Reporting

| Skill | What it does |
| --- | --- |
| Finding Writer | Converts raw notes into a structured, report-ready finding |
| Pentest Report | Assembles a full pentest report from individual findings |
| Bugbounty Reporter | Converts raw findings into triage-ready HackerOne/Bugcrowd reports |
| CVSS Scorer ★ | Computes exact CVSS v3.1 base score and vector from a vulnerability description |
| Risk Assessor | Business risk assessment and executive-ready justification from technical findings |
| Remediation Planner | Generates specific, prioritized remediation plans with code-level fixes |

Compliance

| Skill | What it does |
| --- | --- |
| Compliance Gap Analyzer | Identifies compliance gaps against ISO 27001, SOC2, NIST, and PCI-DSS |
| Control Lookup | Maps controls across frameworks with cross-references and testing hints |

Workflow

| Skill | What it does |
| --- | --- |
| Find Skills | Discovers and installs the right skill for any security task |
| Engagement Handoff | Structures engagement handoff notes between team members |
| CTF Writeup | Formats CTF challenge writeups for publication |
| Caveman | Ultra-compressed comms mode for fast-paced testing sessions |
| Skill Benchmark | Benchmarks skill performance with and without the agent |

Attack Mindset

| Skill | What it does |
| --- | --- |
| Red Mind | Offensive security mindset that shifts the agent to attacker thinking across any target type |
| Economist Attack | Prioritizes high-impact attack paths using an effort-impact ratio — never waste budget on low-yield surfaces |
| Dead Angle | Re-examines every conclusion from multiple vantage points before delivery — findings hold up under scrutiny |
| Less Noise Attack | Operates below SOC detection thresholds — passive recon first, minimal footprint, targeted action only |
| Less Aggressive Attack | Offensive engagement without damage — proves vulnerabilities exist through observation, not destruction |

Integrations

Skills that orchestrate external MCP tool servers into structured engagements.

| Skill | MCP Server | What it does |
| --- | --- | --- |
| HexStrike Forge ★ | HexStrike | Full pentest engagement: 5-phase workflow, parallel execution, triage gates, and report-ready findings from a single prompt |

Installing a skill

```bash
# Install a skill
rifteo-skills add <skill-name>

# Install globally (available in all projects)
rifteo-skills add <skill-name> --global

# List installed skills
rifteo-skills list

# List all available skills
rifteo-skills available
```

Skill anatomy

Every skill lives in its own directory:

```text
skills/
└── my-skill/
    ├── SKILL.md       # Required agent instructions
    ├── references/    # Optional context files the skill reads at runtime
    │   └── guide.md
    └── scripts/       # Optional Python or bash scripts the skill runs
        └── my-tool.py
```

SKILL.md

The core of every skill. It has two parts: a frontmatter block and a body. The frontmatter declares the skill's identity and discovery metadata:

```yaml
---
name: my-skill
description: One-sentence description shown in skill discovery and search results.
license: MIT
metadata:
  version: "1.0.0"
  author: YourName
  tags: ["security", "compliance", "pentest"]
---
```
The body defines the agent's behavior in structured Markdown sections:

```markdown
# Skill Title

## When to Use
Activate this skill when the user:
- asks to test X
- provides Y and wants it structured as Z

## Step 1: Title
What the agent does in this step.

## Output Format
Produce exactly this structure. Do not omit any section.

## Rules
- Rule 1: hard constraint
- Rule 2: behavior guardrail
```

Skill lifecycle

1. Define: identify the methodology to encode, including what triggers it, what steps it follows, and what output it produces.
2. Write SKILL.md: author the SKILL.md following the Style Guide, with frontmatter, trigger conditions, step-by-step instructions, output format, and rules.
3. Add references and scripts: bundle any reference documents or helper scripts the skill needs into references/ and scripts/.
4. Benchmark: run skill-benchmark to score quality and check compatibility across agents. If it doesn't outperform no-skill, it doesn't ship.
5. Document: write the .mdx documentation page following the Style Guide.
6. Publish: open a pull request. The skill appears in the community hub after review and merge.

Naming conventions

| Rule | Good | Avoid |
| --- | --- | --- |
| Use kebab-case | idor-hunter, risk-assessor | IDORHunter, risk_assessor |
| Name by what the skill does, not how | finding-writer, compliance-gap-analyzer | run-audit, do-check |
| Keep names under 40 characters | control-lookup | multi-framework-compliance-control-reference-lookup |
| Use descriptive tags from the approved list | pentest, compliance, risk, audit | misc, tool, helper |
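As an added example (not code from the Rifteo project or from this page), here is a small Python checker that validates a SKILL.md against the frontmatter layout shown under Skill anatomy and the naming rules in the table above. The frontmatter parser handles only the two-level `key: value` subset the page uses, not full YAML; the required-field list, the required body sections, and the approved-tag set are assumptions built from what the page shows (the page mentions an approved tag list but does not reproduce it); both sample skill files are constructed for the demonstration.

```python
"""Validate a SKILL.md against the frontmatter layout and naming conventions.

Added example, not part of the Rifteo project. The schema below is an
assumption reconstructed from the page: required fields, required body
sections and the approved tag list may differ from the real Style Guide.
"""
import re

REQUIRED_TOP = ("name", "description", "license", "metadata")
REQUIRED_META = ("version", "author", "tags")
REQUIRED_SECTIONS = ("## When to Use", "## Output Format", "## Rules")
# Assumed approved tag set: the page only gives examples, not the full list.
APPROVED_TAGS = {"security", "pentest", "compliance", "risk", "audit"}
DISCOURAGED_TAGS = {"misc", "tool", "helper"}  # listed under "Avoid" on the page
KEBAB = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")
MAX_NAME_LEN = 40


def split_frontmatter(text):
    """Return (frontmatter_lines, body_text) for a file that opens with a --- block."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("SKILL.md must start with a '---' frontmatter block")
    for i in range(1, len(lines)):
        if lines[i].strip() == "---":
            return lines[1:i], "\n".join(lines[i + 1:])
    raise ValueError("unterminated frontmatter block")


def parse_scalar(raw):
    """Parse a quoted string or a bracketed ["a", "b"] list (the only forms used)."""
    raw = raw.strip()
    if raw.startswith("[") and raw.endswith("]"):
        return [v.strip().strip("\"'") for v in raw[1:-1].split(",") if v.strip()]
    return raw.strip("\"'")


def parse_frontmatter(lines):
    """Minimal parser for the two-level key: value subset used in SKILL.md (not full YAML)."""
    data, current = {}, None
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, sep, value = line.strip().partition(":")
        if not sep:
            raise ValueError(f"malformed frontmatter line: {line!r}")
        if indent == 0:
            if value.strip() == "":          # "metadata:" opens a nested mapping
                data[key], current = {}, key
            else:
                data[key], current = parse_scalar(value), None
        else:
            if current is None:
                raise ValueError(f"indented key without parent: {line!r}")
            data[current][key] = parse_scalar(value)
    return data


def validate_skill(text):
    """Return a list of problems; an empty list means the skill passes every check."""
    problems = []
    try:
        fm_lines, body = split_frontmatter(text)
        fm = parse_frontmatter(fm_lines)
    except ValueError as exc:
        return [str(exc)]
    problems += [f"missing frontmatter field: {k}" for k in REQUIRED_TOP if k not in fm]
    meta = fm.get("metadata", {})
    if not isinstance(meta, dict):
        problems.append("metadata must be a mapping")
        meta = {}
    problems += [f"missing metadata field: {k}" for k in REQUIRED_META if k not in meta]
    name = fm.get("name", "")
    if name and not KEBAB.match(name):          # kebab-case rule from the table
        problems.append(f"name {name!r} is not kebab-case")
    if len(name) > MAX_NAME_LEN:                # 40-character rule from the table
        problems.append(f"name {name!r} exceeds {MAX_NAME_LEN} characters")
    tags = meta.get("tags", [])
    if not isinstance(tags, list):
        problems.append("metadata.tags must be a list")
        tags = []
    for tag in tags:                            # descriptive-tag rule from the table
        if tag in DISCOURAGED_TAGS:
            problems.append(f"tag {tag!r} is too generic")
        elif tag not in APPROVED_TAGS:
            problems.append(f"tag {tag!r} is not in the approved list")
    problems += [f"body is missing section: {s}" for s in REQUIRED_SECTIONS if s not in body]
    return problems


# Constructed sample: follows the layout on the page and should pass cleanly.
GOOD_SKILL = """---
name: idor-hunter
description: Systematic IDOR and BOLA detection with multi-account testing.
license: MIT
metadata:
  version: "1.0.0"
  author: YourName
  tags: ["security", "pentest"]
---
# IDOR Hunter

## When to Use
Activate this skill when the user asks to test object-level authorization.

## Output Format
Produce exactly this structure. Do not omit any section.

## Rules
- Rule 1: only test identifiers that belong to accounts the user controls
"""

# Constructed sample: CamelCase name, a generic tag, and no Rules section.
BAD_SKILL = """---
name: IDORHunter
description: Finds insecure direct object references.
license: MIT
metadata:
  version: "0.1.0"
  author: Example
  tags: ["misc", "pentest"]
---
# IDOR Hunter

## When to Use
Activate when the user asks to test object references.

## Output Format
A table of findings.
"""

if __name__ == "__main__":
    for label, skill in (("good", GOOD_SKILL), ("bad", BAD_SKILL)):
        print(label, validate_skill(skill) or "OK")
```

Running the file reports the good sample as OK and lists three problems for the bad one (non-kebab name, a generic tag, and the missing Rules section), which is the kind of check that belongs in the Benchmark step before a pull request is opened.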

Ready to contribute?

Follow the Style Guide and the contribution process to add your methodology to the community library.