Bug Bounty Report Template

Author: HostileSpider · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 134
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install bb-report-template
Description
Generate professional bug bounty reports for HackerOne, Bugcrowd, and other platforms. Pre-filled templates with CWE mapping, reproduction steps, and severit...
Usage (SKILL.md)

Bug Bounty Report Template Generator

Generate professional, platform-ready bug bounty reports. Supports HackerOne, Bugcrowd, and generic formats with automatic CWE mapping and severity assessment.

Quick Start

python3 {baseDir}/scripts/generate-report.py --platform hackerone --title "XSS in Profile Page" --severity medium
python3 {baseDir}/scripts/generate-report.py --platform bugcrowd --type idor --target example.com

Options

  • --platform PLATFORM — Target platform: hackerone, bugcrowd, generic (default: generic)
  • --type TYPE — Vulnerability type: xss, idor, sqli, ssrf, rce, auth-bypass, info-disclosure, csrf, redirect, custom
  • --title TITLE — Report title
  • --severity LEVEL — Severity level: critical, high, medium, low, info
  • --target DOMAIN — Target domain/application
  • --output FILE — Output file path (default: stdout)
  • --template TEMPLATE — Custom template file

Features

  • Automatic CWE mapping for common vulnerability types
  • CVSS score calculation helper
  • Pre-formatted reproduction steps sections
  • Impact assessment templates
  • Mitigation suggestions
  • Scope validation reminders

Example Output Structure

# [Title]

## Summary
[Brief description]

## Steps to Reproduce
1. Navigate to...
2. Intercept request...
3. Modify parameter...

## Impact
[Business impact description]

## Remediation
[Suggested fix]

## References
- CWE-XXX: [Description]
- CVSS: [Score]
Safe usage advice
This skill appears safe and does what it says: generate report text locally. Before using, run the script locally and inspect the output. Avoid pasting real API keys or live tokens into the generated Proof-of-Concept sections, and do not use the template to perform or describe destructive testing on live targets. If you want added safety, open the included scripts/generate-report.py in a text editor to review, then run the script in an isolated environment. (No network calls or credential usage were found in the code.)
Functional analysis
Type: OpenClaw Skill · Name: bb-report-template · Version: 1.0.0
The skill bundle is a straightforward template generator for bug bounty reports. The Python script (scripts/generate-report.py) uses standard libraries to format user-provided input into markdown reports with CWE mappings, and it contains no network activity, file system access (beyond writing the report), or suspicious instructions.
Capability assessment
Purpose & Capability
Name/description match the provided artifacts. The SKILL.md asks for python3 and the repository contains a Python script that generates report text with CWE/CVSS mappings and platform-specific checklists — all expected for a report template.
Instruction Scope
Runtime instructions only run the included Python script with command-line options; the script builds text and prints or writes it to a file. The instructions do not request reading unrelated system files, environment secrets, or contacting external endpoints.
Install Mechanism
No install spec is provided (instruction-only). The only required binary is python3, which is reasonable and proportional for running the included script.
Credentials
No environment variables, credentials, or config paths are requested. The script does not access environment secrets or external services; this is appropriate for the stated functionality.
Persistence & Privilege
The skill is not marked always:true and does not attempt to persist, modify other skills, or change system-wide settings. It only runs a one-off script when invoked.
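How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install bb-report-template
  3. Once installation completes, invoke the Skill by name or trigger it with /bb-report-template
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history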
v1.0.0
Initial release — HackerOne/Bugcrowd report generator with CWE mapping
Metadata
Slug: bb-report-template
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

What is Bug Bounty Report Template?

Generate professional bug bounty reports for HackerOne, Bugcrowd, and other platforms. Pre-filled templates with CWE mapping, reproduction steps, and severit... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 134 total downloads to date.

How do I install Bug Bounty Report Template?

Run the command "/install bb-report-template" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Bug Bounty Report Template free?

Yes, Bug Bounty Report Template is completely free. It is released under the MIT-0 license and may be freely downloaded, installed, and used.

Which platforms does Bug Bounty Report Template support?

Bug Bounty Report Template runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Bug Bounty Report Template?

It is developed and maintained by HostileSpider (@hostilespider); the current version is v1.0.0.
