CTF Writeup Generator
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only CTF documentation helper whose disclosed behavior is to format user-provided solving notes and save a local writeup; no hidden code, credential use, or exfiltration is evidenced.
This appears safe to use as a CTF writeup helper. Before installing or using it, note the weak source provenance, review generated filenames and Markdown contents, avoid including real credentials or private paths, and confirm any optional handoff to other tools or skills.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Markdown writeup may be created in the working directory and may include flags, commands, paths, and other details from the solving session.
The skill asks the agent to create a local file using user-supplied platform and challenge values. This is expected for writeup generation, but it is still a local mutation users should notice.
Save the generated writeup to a markdown file named: `[platform]_[challenge-name]_writeup.md`
Review the generated filename and contents before saving or publishing, and avoid including real secrets or private system paths.
Users may have less ability to verify who maintains the skill or where to report issues.
The listed source is unknown and the homepage appears to be a placeholder, which makes maintainer provenance harder to verify. The impact is limited because the skill is instruction-only and no code is present.
Source: unknown; Homepage: https://github.com/yourusername/ctf-writeup-generator
Prefer skills with a verified repository or maintainer identity, especially before relying on them for sensitive documentation workflows.
If the user asks for integrations, challenge files, traffic, binaries, memory artifacts, or notes could be handled by additional tools or skills.
The documentation mentions optional handoffs or references to other security-analysis skills. No automatic invocation is shown, but data boundaries would depend on those other skills if used.
Multi-Tool Integration - Reference other skills for specific tasks: `ghidra-skill` ... `burpsuite-skill` ... `volatility-skill`
Approve each tool or skill handoff explicitly and share only the challenge artifacts you intend to analyze.