ctf-stego — for Claude Code ctf-stego, cybersec-toolkit, community, for Claude Code, ide skills, ai-assistant, ai-hacking, blue-team, bug-bounty, claude-code

v1.0.0
GitHub

Acerca de este Skill

Escenario recomendado: Ideal for AI agents that need ctf stego methodology. Resumen localizado: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Características

CTF stego methodology
CRITICAL — never Read an unvalidated image
Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:
run tool("file", "/path/to/image")
run tool("identify", "/path/to/image") # ImageMagick

# Temas principales

for Claude Code ai-assistant ai-hacking blue-team bug-bounty claude-code
26zl 26zl
[2]
[0]
Actualizado: 4/30/2026

Skill Overview

Start with fit, limitations, and setup before diving into the repository.

Escenario recomendado: Ideal for AI agents that need ctf stego methodology. Resumen localizado: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

¿Por qué usar esta habilidad?

Recomendacion: ctf-stego helps agents ctf stego methodology. Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. This AI agent skill supports

Mejor para

Escenario recomendado: Ideal for AI agents that need ctf stego methodology.

Casos de uso accionables for ctf-stego

Caso de uso: Applying CTF stego methodology
Caso de uso: Applying CRITICAL — never Read an unvalidated image
Caso de uso: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

! Seguridad y limitaciones

  • Limitacion: Only Read the image after both checks pass.
  • Limitacion: Validate first: Only Read the image after both checks pass
  • Limitacion: Requires repository-specific context from the skill documentation

About The Source

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Demo Labs

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ y pasos de instalación

These questions and steps mirror the structured data on this page for better search understanding.

? Preguntas frecuentes

¿Qué es ctf-stego?

Escenario recomendado: Ideal for AI agents that need ctf stego methodology. Resumen localizado: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

¿Cómo instalo ctf-stego?

Ejecuta el comando: npx killer-skills add 26zl/cybersec-toolkit/ctf-stego. Funciona con Cursor, Windsurf, VS Code, Claude Code y más de 19 IDE adicionales.

¿Cuáles son los casos de uso de ctf-stego?

Los casos de uso principales incluyen: Caso de uso: Applying CTF stego methodology, Caso de uso: Applying CRITICAL — never Read an unvalidated image, Caso de uso: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:.

¿Qué IDE son compatibles con ctf-stego?

Esta skill es compatible con Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Usa la CLI de Killer-Skills para una instalación unificada.

¿Tiene limitaciones ctf-stego?

Limitacion: Only Read the image after both checks pass.. Limitacion: Validate first: Only Read the image after both checks pass. Limitacion: Requires repository-specific context from the skill documentation.

Cómo instalar este skill

  1. 1. Abre tu terminal

    Abre la terminal o línea de comandos en el directorio de tu proyecto.

  2. 2. Ejecuta el comando de instalación

    Ejecuta: npx killer-skills add 26zl/cybersec-toolkit/ctf-stego. La CLI detectará tu IDE o agente automáticamente y configurará la skill.

  3. 3. Empieza a usar el skill

    El skill ya está activo. Tu agente de IA puede usar ctf-stego de inmediato en el proyecto actual.

! Source Notes

This page is still useful for installation and source reference. Before using it, compare the fit, limitations, and upstream repository notes above.

Upstream Repository Material

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Upstream Source

ctf-stego

Install ctf-stego, an AI agent skill for AI agent workflows and automation. Explore features, use cases, limitations, and setup guidance.

SKILL.md
Readonly
Upstream Repository Material
The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.
Upstream Source

CTF stego methodology

0. CRITICAL — never Read an unvalidated image

Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

bash
1run_tool("file", "/path/to/image")
2run_tool("identify", "/path/to/image")     # ImageMagick
3# or run_script:
4# from PIL import Image; img = Image.open(path); print(img.size, img.mode)

Only Read the image after both checks pass.

1. Triage every input

bash
1file <file>
2xxd <file> | head -30
3exiftool <file>            # metadata — flag often hides here
4strings <file> | grep -i "ctf\|flag\|key\|pass" | head
5binwalk <file>             # multi-file polyglots

Always check metadata first. ~30% of intro stego is just exiftool.

2. Image (PNG / JPG / BMP / GIF)

TechniqueTool / approach
LSB in pixelszsteg (PNG/BMP), stegsolve
EOF data after IEND/EOIbinwalk -e, manual hex
JPG specificsteghide extract -sf <file> (often with empty pass), stegseek for brute
PNG color planesstegsolve (visual layer toggle)
LSB matching, customzsteg -a, then write custom Python with PIL
Polyglot (file with valid headers for multiple formats)binwalk, foremost
File appended after IEND chunk (PNG)pngcheck -v, manual carve
Modified/extra chunkspngcheck -v, pngcsum
Width/height tampering (PNG)edit IHDR width/height, recalc CRC — tweakpng style
bash
1# zsteg covers most LSB cases for PNG/BMP
2zsteg -a image.png
3
4# steghide brute (jpg/wav/bmp)
5stegseek image.jpg rockyou.txt
6
7# Multi-tool sweep
8stegsolve image.png        # GUI, manual layer toggle

3. Audio (WAV / MP3 / FLAC / OGG)

TechniqueTool
LSB in sampleswavsteg, custom python
Steghide payloadsteghide, stegseek
Spectrogram (visual hidden in freq domain)audacity view spectrogram, sonic-visualiser
DTMF tonesmultimon-ng -a DTMF, manual tone analysis
Morselisten by ear, then morse-decoder or manual
SSTV (slow-scan TV in audio)qsstv, slowrx
bash
1# Spectrogram via sox
2sox audio.wav -n spectrogram -o spec.png
3# Then validate spec.png before reading (see step 0)
4
5# DTMF
6multimon-ng -a DTMF audio.wav

4. Video / GIF

bash
1# Extract frames
2ffmpeg -i video.mp4 -vf fps=1 frames/frame_%04d.png
3
4# Per-frame stego
5for f in frames/*.png; do zsteg -a "$f" 2>/dev/null | grep -i "flag\|ctf"; done
6
7# Audio track
8ffmpeg -i video.mp4 -vn audio.wav
9# Then audio analysis

5. Text / Unicode

TechniqueTool
Zero-width characterszwsp-steg, manual unicode inspect
Whitespace stegosnow, stegsnow
Homoglyph substitutionunicode normalize + diff
Base-N nested encodingsciphey, manual
Bacon / null ciphermanual + dcode.fr
bash
1# Show every character including invisibles
2python3 -c "import sys; [print(repr(c), hex(ord(c))) for c in open(sys.argv[1]).read()]" file.txt

6. Less common

  • PDF: pdf-parser, peepdf, qpdf --qdf — check streams, annotations, JS, attachments
  • Office docs: oletools (olevba, oleid), oledump, unzip the .docx/.xlsx
  • QR / barcode: zbarimg, zxing — also try partial QR reconstruction
  • DNA/protein sequences: ROT/encoding tricks, decode A/C/G/T as base-4

7. Default workflow

  1. exiftool + strings + binwalk -e always first
  2. If image → zsteg -a (PNG/BMP) OR stegseek (JPG)
  3. If audio → spectrogram view
  4. If nothing obvious → stegsolve GUI for visual analysis
  5. If still nothing → metadata might encode the answer (look at GPS, comment, software field)

8. Don't waste time on

  • LSB scripts when zsteg exists
  • Manually viewing spectrograms in matplotlib when audacity/sonic-visualiser exist
  • Reading the image with Read before validation (see step 0)

After solve

Use the writeup-template skill.

Habilidades relacionadas

Looking for an alternative to ctf-stego or another community skill for your workflow? Explore these related open-source skills.

Ver todo

openclaw-release-maintainer

Logo of openclaw
openclaw

Resumen localizado: 🦞 # OpenClaw Release Maintainer Use this skill for release and publish-time workflow. It covers ai, assistant, crustacean workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

333.8k
0
Inteligencia Artificial

widget-generator

Logo of f
f

Resumen localizado: Generate customizable widget plugins for the prompts.chat feed system # Widget Generator Skill This skill guides creation of widget plugins for prompts.chat . It covers ai, artificial-intelligence, awesome-list workflows. This AI agent skill supports Claude Code, Cursor, and

149.6k
0
Inteligencia Artificial

flags

Logo of vercel
vercel

Resumen localizado: The React Framework # Feature Flags Use this skill when adding or changing framework feature flags in Next.js internals. It covers blog, browser, compiler workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

138.4k
0
Navegador

pr-review

Logo of pytorch
pytorch

Resumen localizado: Usage Modes No Argument If the user invokes /pr-review with no arguments, do not perform a review . It covers autograd, deep-learning, gpu workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

98.6k
0
Desarrollador