ctf-stego — for Claude Code ctf-stego, cybersec-toolkit, community, for Claude Code, ide skills, ai-assistant, ai-hacking, blue-team, bug-bounty, claude-code

v1.0.0
GitHub

Об этом навыке

Подходящий сценарий: Ideal for AI agents that need ctf stego methodology. Локализованное описание: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Возможности

CTF stego methodology
CRITICAL — never Read an unvalidated image
Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:
run tool("file", "/path/to/image")
run tool("identify", "/path/to/image") # ImageMagick

# Core Topics

for Claude Code ai-assistant ai-hacking blue-team bug-bounty claude-code
26zl 26zl
[2]
[0]
Updated: 4/30/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 8/11

This page remains useful for teams, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution
Review Score
8/11
Quality Score
46
Canonical Locale
en
Detected Body Locale
en

Подходящий сценарий: Ideal for AI agents that need ctf stego methodology. Локализованное описание: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Зачем использовать этот навык

Рекомендация: ctf-stego helps agents ctf stego methodology. Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. This AI agent skill supports Claude

Подходит лучше всего

Подходящий сценарий: Ideal for AI agents that need ctf stego methodology.

Реализуемые кейсы использования for ctf-stego

Сценарий использования: Applying CTF stego methodology
Сценарий использования: Applying CRITICAL — never Read an unvalidated image
Сценарий использования: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

! Безопасность и ограничения

  • Ограничение: Only Read the image after both checks pass.
  • Ограничение: Validate first: Only Read the image after both checks pass
  • Ограничение: Requires repository-specific context from the skill documentation

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

After The Review

Decide The Next Action Before You Keep Reading Repository Material

Killer-Skills should not stop at opening repository instructions. It should help you decide whether to install this skill, when to cross-check against trusted collections, and when to move into workflow rollout.

Install Path

Start With Installation And Validation

If this skill is worth continuing with, the next step is to confirm the install command, CLI write path, and environment validation.
Trusted Recheck

Cross-Check Against Trusted Picks

If you are still comparing multiple skills or vendors, go back to the trusted collection before amplifying repository noise.
Workflow

Move To Workflow Collections For Team Rollout

When the goal shifts from a single skill to team workflows, approvals, and repeatable execution, move into workflow collections.
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is ctf-stego?

Подходящий сценарий: Ideal for AI agents that need ctf stego methodology. Локализованное описание: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

How do I install ctf-stego?

Run the command: npx killer-skills add 26zl/cybersec-toolkit/ctf-stego. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for ctf-stego?

Key use cases include: Сценарий использования: Applying CTF stego methodology, Сценарий использования: Applying CRITICAL — never Read an unvalidated image, Сценарий использования: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:.

Which IDEs are compatible with ctf-stego?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for ctf-stego?

Ограничение: Only Read the image after both checks pass.. Ограничение: Validate first: Only Read the image after both checks pass. Ограничение: Requires repository-specific context from the skill documentation.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add 26zl/cybersec-toolkit/ctf-stego. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use ctf-stego immediately in the current project.

! Reference-Only Mode

This page remains useful for installation and reference, but Killer-Skills no longer treats it as a primary indexable landing page. Read the review above before relying on the upstream repository instructions.

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

ctf-stego

Install ctf-stego, an AI agent skill for AI agent workflows and automation. Review the use cases, limitations, and setup path before rollout.

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence

CTF stego methodology

0. CRITICAL — never Read an unvalidated image

Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

bash
1run_tool("file", "/path/to/image")
2run_tool("identify", "/path/to/image")     # ImageMagick
3# or run_script:
4# from PIL import Image; img = Image.open(path); print(img.size, img.mode)

Only Read the image after both checks pass.

1. Triage every input

bash
1file <file>
2xxd <file> | head -30
3exiftool <file>            # metadata — flag often hides here
4strings <file> | grep -i "ctf\|flag\|key\|pass" | head
5binwalk <file>             # multi-file polyglots

Always check metadata first. ~30% of intro stego is just exiftool.

2. Image (PNG / JPG / BMP / GIF)

TechniqueTool / approach
LSB in pixelszsteg (PNG/BMP), stegsolve
EOF data after IEND/EOIbinwalk -e, manual hex
JPG specificsteghide extract -sf <file> (often with empty pass), stegseek for brute
PNG color planesstegsolve (visual layer toggle)
LSB matching, customzsteg -a, then write custom Python with PIL
Polyglot (file with valid headers for multiple formats)binwalk, foremost
File appended after IEND chunk (PNG)pngcheck -v, manual carve
Modified/extra chunkspngcheck -v, pngcsum
Width/height tampering (PNG)edit IHDR width/height, recalc CRC — tweakpng style
bash
1# zsteg covers most LSB cases for PNG/BMP
2zsteg -a image.png
3
4# steghide brute (jpg/wav/bmp)
5stegseek image.jpg rockyou.txt
6
7# Multi-tool sweep
8stegsolve image.png        # GUI, manual layer toggle

3. Audio (WAV / MP3 / FLAC / OGG)

TechniqueTool
LSB in sampleswavsteg, custom python
Steghide payloadsteghide, stegseek
Spectrogram (visual hidden in freq domain)audacity view spectrogram, sonic-visualiser
DTMF tonesmultimon-ng -a DTMF, manual tone analysis
Morselisten by ear, then morse-decoder or manual
SSTV (slow-scan TV in audio)qsstv, slowrx
bash
1# Spectrogram via sox
2sox audio.wav -n spectrogram -o spec.png
3# Then validate spec.png before reading (see step 0)
4
5# DTMF
6multimon-ng -a DTMF audio.wav

4. Video / GIF

bash
1# Extract frames
2ffmpeg -i video.mp4 -vf fps=1 frames/frame_%04d.png
3
4# Per-frame stego
5for f in frames/*.png; do zsteg -a "$f" 2>/dev/null | grep -i "flag\|ctf"; done
6
7# Audio track
8ffmpeg -i video.mp4 -vn audio.wav
9# Then audio analysis

5. Text / Unicode

TechniqueTool
Zero-width characterszwsp-steg, manual unicode inspect
Whitespace stegosnow, stegsnow
Homoglyph substitutionunicode normalize + diff
Base-N nested encodingsciphey, manual
Bacon / null ciphermanual + dcode.fr
bash
1# Show every character including invisibles
2python3 -c "import sys; [print(repr(c), hex(ord(c))) for c in open(sys.argv[1]).read()]" file.txt

6. Less common

  • PDF: pdf-parser, peepdf, qpdf --qdf — check streams, annotations, JS, attachments
  • Office docs: oletools (olevba, oleid), oledump, unzip the .docx/.xlsx
  • QR / barcode: zbarimg, zxing — also try partial QR reconstruction
  • DNA/protein sequences: ROT/encoding tricks, decode A/C/G/T as base-4

7. Default workflow

  1. exiftool + strings + binwalk -e always first
  2. If image → zsteg -a (PNG/BMP) OR stegseek (JPG)
  3. If audio → spectrogram view
  4. If nothing obvious → stegsolve GUI for visual analysis
  5. If still nothing → metadata might encode the answer (look at GPS, comment, software field)

8. Don't waste time on

  • LSB scripts when zsteg exists
  • Manually viewing spectrograms in matplotlib when audacity/sonic-visualiser exist
  • Reading the image with Read before validation (see step 0)

After solve

Use the writeup-template skill.

Связанные навыки

Looking for an alternative to ctf-stego or another community skill for your workflow? Explore these related open-source skills.

Показать все

openclaw-release-maintainer

Logo of openclaw
openclaw

Локализованное описание: 🦞 # OpenClaw Release Maintainer Use this skill for release and publish-time workflow. It covers ai, assistant, crustacean workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

333.8k
0
Искусственный интеллект

widget-generator

Logo of f
f

Локализованное описание: Generate customizable widget plugins for the prompts.chat feed system # Widget Generator Skill This skill guides creation of widget plugins for prompts.chat . It covers ai, artificial-intelligence, awesome-list workflows. This AI agent skill supports Claude Code, Cursor

149.6k
0
Искусственный интеллект

flags

Logo of vercel
vercel

Локализованное описание: The React Framework # Feature Flags Use this skill when adding or changing framework feature flags in Next.js internals. It covers blog, browser, compiler workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

138.4k
0
Браузер

pr-review

Logo of pytorch
pytorch

Локализованное описание: Usage Modes No Argument If the user invokes /pr-review with no arguments, do not perform a review . It covers autograd, deep-learning, gpu workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

98.6k
0
Разработчик