ClawHub

CTF Writeup Generator

v1.0.0

Automatically generate professional CTF writeups from solving sessions with flag detection, challenge categorization, and proper markdown formatting

0· 1.3k·4 current·4 all-time
byAM@akhmittra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md instructions: the skill generates CTF writeups, detects flags, categorizes challenges, formats markdown, and suggests platform-specific templates. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions remain within the writeup generation domain (gather challenge metadata, parse user notes, validate flag formats, produce/safe a markdown file). One notable point: the instructions produce exploit steps, commands, and privilege-escalation descriptions — this is consistent with CTF writeups but is dual-use content (allowed by purpose). The skill also saves files to disk (writes markdown files), which is expected but worth noting.
Install Mechanism
No install spec or code is included (instruction-only). No downloads or archive extraction occur.
Credentials
Requires no environment variables, credentials, or config paths. The declared and actual surface area match.
Persistence & Privilege
The skill does not set always:true. It also does not set disableModelInvocation:true, so the agent could invoke it autonomously when eligible — this is common for utility skills but worth awareness if you want strict user-trigger-only behavior.
Assessment
This skill appears coherent and does what it says: create professionally formatted CTF writeups from user-provided notes. Before installing, consider: (1) CTF writeups commonly include exploit commands and privilege-escalation steps — treat this as dual-use content and avoid pasting real production credentials or sensitive target data into the skill. (2) The skill will save markdown files to the agent workspace; ensure you are comfortable with outputs being written to disk. (3) The skill can be invoked by the model (disableModelInvocation not set) — if you require explicit user approval for every run, request disableModelInvocation or restrict the skill. (4) The SKILL.md references other skills (e.g., ghidra-skill); confirm those integrations are trustworthy before allowing cross-skill access. If you want tighter safety, restrict the agent from including real-world host/IPs or secrets in inputs and require user confirmation before saving or publishing writeups.

Like a lobster shell, security has layers — review code before you run it.

cybersecurityvk97cfmnnrfsgz3nbdpet7evge580sp8glatestvk97cfmnnrfsgz3nbdpet7evge580sp8g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments