Ctf Writeup

Author: gandli · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 124 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install ctf-writeup
Description
Generates a single standardized submission-style CTF writeup for competition handoff and organizer review. Use after solving a CTF challenge to document the...
Usage instructions (SKILL.md)

CTF Write-up Generator

Generate a standardized submission-style CTF writeup for a solved challenge.

Default behavior:

  • During an active competition, optimize for speed, clarity, and reproducibility
  • Keep writeups short enough that a teammate or organizer can validate the solve quickly
  • Always produce a submission-style writeup
  • Prefer one complete solve script from challenge data to final flag

Workflow

Step 1: Gather Information

Collect the following from the current session, challenge files, and user input:

  1. Challenge metadata — name, CTF event, category, difficulty, points, flag format
  2. Solution artifacts — exploit scripts, payloads, screenshots, command output
  3. Timeline — key steps taken, dead ends, pivots

```bash
# Scan for exploit scripts and artifacts
find . -name '*.py' -o -name '*.sh' -o -name 'exploit*' -o -name 'solve*' | head -20
# Check for flags in output files
grep -rniE '(flag|ctf|eno|htb|pico)\{' . 2>/dev/null
```

Step 2: Generate Write-up

Write the writeup file as writeup.md (or writeup-<challenge-name>.md) using the submission template below.


Templates

Submission Format

---
title: "<Challenge Name>"
ctf: "<CTF Event Name>"
date: YYYY-MM-DD
category: web|pwn|crypto|reverse|forensics|osint|malware|misc
difficulty: easy|medium|hard
points: <number>
flag_format: "flag{...}"
author: "<your name or team>"
---

# <Challenge Name>

## Summary

<1-2 sentences: what the challenge was and the core technique. Keep it direct.>

## Solution

### Step 1: <Action>

<Explain the key observation in 3-8 short lines. Keep it direct.>

```python
<one complete solving script from provided challenge data to printing the final flag>
```

### Step 2: <Action> (optional)

<Only add this when a second short step genuinely helps readability, such as separating the core observation from final verification.>

### Step 3: <Action> (optional)

<Use only if the challenge really needs it. Keep the total number of steps small.>

## Flag

```
flag{example_flag_here}
```

Guidance:

  • Prefer 1-3 short steps total
  • Keep code to the smallest complete solving script
  • Do not split "recover secret", "derive key", and "decrypt flag" into separate partial snippets
  • The script should start from the challenge data and end by printing the flag
  • Avoid long background sections
  • Avoid dead ends unless they explain a key pivot
  • Avoid multiple alternative solves; pick one clean path
  • Redact the flag only if the user explicitly asks for redaction

Best Practices Checklist

Before finalizing the writeup, verify:

  • Metadata complete — title, CTF, date, category, difficulty, points, author all filled
  • Flag handling matches request — keep the real flag unless the user asked for redaction
  • Reproducible steps — a reader can follow your writeup and reproduce the solution
  • Code is runnable — exploit scripts include all imports, correct variable names, and comments
  • No sensitive data — no real credentials, API keys, or private infrastructure details
  • Length stays concise — the writeup is short enough for fast review
  • Tools and versions noted — mention specific tool versions if behavior depends on them
  • Proper attribution — credit teammates, referenced writeups, or tools that were essential
  • Grammar and formatting — consistent heading levels, code blocks have language tags

Quality Guidelines

DO:

  • Explain just enough for fast verification
  • Include one complete solving path, not multiple alternative routes
  • Include one complete script that goes all the way to the final flag
  • Show actual output (truncated if very long) to prove the approach worked
  • Tag code blocks with language (python, bash, sql, etc.)
  • Keep the main path front-loaded so a reader can validate it quickly

DON'T:

  • Copy-paste raw terminal dumps without explanation
  • Paste several partial snippets that force the reader to reconstruct the final solve
  • Leave placeholder text in the final writeup
  • Include irrelevant tangents that don't contribute to the solution
  • Assume the reader knows the specific challenge setup

Challenge

$ARGUMENTS

Security usage advice
This skill is generally coherent for producing CTF writeups, but it instructs the agent to search the entire working directory and to include real flags by default. Before installing or running it: (1) run it only in an isolated/sanitized challenge directory or a copy of the challenge files (not your home directory or repo root); (2) explicitly tell the skill to redact flags or sensitive data if you don't want real secrets in the output; (3) consider removing or narrowing the find/grep lines to target a known challenge folder; (4) avoid giving it web/network tools unless you need them; and (5) if you're unsure, test the skill on a non-sensitive sample to observe what files it reads and what it outputs.
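
The scoping and redaction advice above, as an added example that is not part of the skill or of this page's original content: a POSIX shell version of the Step 1 scan that only accepts one challenge directory and reports flag locations without their values. The function names, the depth limit of 3, and the hidden-path exclusion are assumptions.

```shell
#!/bin/sh
# Added example (not the skill's own code): scope the Step 1 scan to a single
# challenge directory. Function names and the depth limit are assumptions.

# Same prefixes as the skill's grep, extended to match the whole flag token.
FLAG_RE='(flag|ctf|eno|htb|pico)[{][^}]*[}]'

# Print the resolved directory, or fail if it is too broad to scan safely:
# the filesystem root, $HOME, or the top of a git repository.
safe_scan_dir() {
  ssd_dir=$(cd -- "$1" 2>/dev/null && pwd -P) || return 1
  ssd_home=$(cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || ssd_home=/
  if [ "$ssd_dir" = "/" ] || [ "$ssd_dir" = "$ssd_home" ] || [ -e "$ssd_dir/.git" ]; then
    return 1
  fi
  printf '%s\n' "$ssd_dir"
}

# List candidate solve scripts: regular files only, at most 3 levels deep,
# skipping hidden files and directories (.git, .ssh, .env, ...).
list_artifacts() {
  la_dir=$(safe_scan_dir "$1") || return 1
  (cd "$la_dir" && find . -maxdepth 3 -type f ! -path '*/.*' \
      \( -name '*.py' -o -name '*.sh' -o -name 'exploit*' -o -name 'solve*' \) |
      sort | head -20)
}

# Replace the body of every flag-shaped token on stdin with REDACTED,
# case-insensitively, keeping the prefix exactly as it appeared.
redact_flags() {
  awk -v re="$FLAG_RE" '{
    out = ""; rest = $0
    while (match(tolower(rest), re)) {
      tok = substr(rest, RSTART, RLENGTH)
      out = out substr(rest, 1, RSTART - 1) substr(tok, 1, index(tok, "{")) "REDACTED}"
      rest = substr(rest, RSTART + RLENGTH)
    }
    print out rest
  }'
}

# Report which files contain flags without echoing the flag values.
find_flags() {
  ff_dir=$(safe_scan_dir "$1") || return 1
  (cd "$ff_dir" && find . -maxdepth 3 -type f ! -path '*/.*' \
      -exec grep -IHoiE "$FLAG_RE" {} + 2>/dev/null | sort | redact_flags)
}
```

Paths are printed relative to the challenge directory, so the output does not carry absolute paths from the host into the writeup.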
Functional analysis
Type: OpenClaw Skill · Name: ctf-writeup · Version: 1.0.0
The skill is a legitimate utility designed to automate the creation of CTF challenge writeups. It uses standard bash commands like 'find' and 'grep' in SKILL.md to locate local exploit scripts and flag strings to populate a structured markdown template, which is consistent with its stated purpose and lacks any indicators of malicious intent or data exfiltration.
Capability assessment
Purpose & Capability
The name/description match the instructions: generating a submission-style writeup from challenge files. Requiring a filesystem-capable agent and use of bash/Python is coherent. Minor mismatch: allowed-tools includes WebFetch/WebSearch which are not referenced in the instructions and are unnecessary for offline writeup generation.
Instruction Scope
The SKILL.md explicitly instructs the agent to run broad filesystem scans (find . and recursive grep) and to collect 'solution artifacts' and flags from the current session and challenge files. Those commands can read any file under the working directory (or repository root), potentially exposing unrelated sensitive files. The guidance 'Redact the flag only if the user explicitly asks for redaction' means the agent will include real flags by default, raising a risk of leaking sensitive contents.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer and no external packages are fetched. This is the lowest-risk install profile.
Credentials
No environment variables or credentials are requested (good). However, the instructions permit reading arbitrary files and session data; that filesystem access can expose secrets (API keys, private notes, other flags) even though no env vars are declared. The skill does not require or justify broad filesystem access beyond the challenge directory.
Persistence & Privilege
always:false and no requests to modify agent/system configuration. The skill does not request permanent or elevated privileges.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install ctf-writeup
  3. Once installation completes, invoke the Skill by name or trigger it with /ctf-writeup
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
  • Initial release of ctf-writeup: a skill for generating standardized, submission-style CTF writeups.
  • Provides a complete markdown template covering challenge metadata, core solution steps, and flag submission.
  • Automatically collects relevant scripts and artifacts for documentation.
  • Optimizes writeup content for speed, clarity, and reproducibility in active competitions.
  • Includes a best-practices checklist and quality guidelines for concise, reviewer-friendly writeups.
Metadata
Slug ctf-writeup
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

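What is Ctf Writeup?

Generates a single standardized submission-style CTF writeup for competition handoff and organizer review. Use after solving a CTF challenge to document the... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 124 total downloads so far.

How do I install Ctf Writeup?

Run the command "/install ctf-writeup" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Ctf Writeup free?

Yes. Ctf Writeup is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Ctf Writeup support?

Ctf Writeup runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Ctf Writeup?

Developed and maintained by gandli (@gandli); the current version is v1.0.0.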