ctf-stego — for Claude Code ctf-stego, cybersec-toolkit, community, for Claude Code, ide skills, ai-assistant, ai-hacking, blue-team, bug-bounty, claude-code

v1.0.0
GitHub

关于此技能

适用场景: Ideal for AI agents that need ctf stego methodology. 本地化技能摘要: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

功能特性

CTF stego methodology
CRITICAL — never Read an unvalidated image
Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:
run tool("file", "/path/to/image")
run tool("identify", "/path/to/image") # ImageMagick

# 核心主题

for Claude Code ai-assistant ai-hacking blue-team bug-bounty claude-code
26zl 26zl
[2]
[0]
更新于: 4/30/2026

技能概览

先看适用场景、限制条件和安装路径,再决定是否继续深入。

适用场景: Ideal for AI agents that need ctf stego methodology. 本地化技能摘要: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

核心价值

推荐说明: ctf-stego helps agents ctf stego methodology. Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. This AI agent skill supports Claude Code

适用 Agent 类型

适用场景: Ideal for AI agents that need ctf stego methodology.

赋予的主要能力 · ctf-stego

适用任务: Applying CTF stego methodology
适用任务: Applying CRITICAL — never Read an unvalidated image
适用任务: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

! 使用限制与门槛

  • 限制说明: Only Read the image after both checks pass.
  • 限制说明: Validate first: Only Read the image after both checks pass
  • 限制说明: Requires repository-specific context from the skill documentation

关于来源内容

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

实验室 Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

常见问题与安装步骤

以下问题与步骤与页面结构化数据保持一致,便于搜索引擎理解页面内容。

? FAQ

ctf-stego 是什么?

适用场景: Ideal for AI agents that need ctf stego methodology. 本地化技能摘要: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

如何安装 ctf-stego?

运行命令:npx killer-skills add 26zl/cybersec-toolkit/ctf-stego。支持 Cursor、Windsurf、VS Code、Claude Code 等 19+ IDE/Agent。

ctf-stego 适用于哪些场景?

典型场景包括:适用任务: Applying CTF stego methodology、适用任务: Applying CRITICAL — never Read an unvalidated image、适用任务: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:。

ctf-stego 支持哪些 IDE 或 Agent?

该技能兼容 Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer。可使用 Killer-Skills CLI 一条命令通用安装。

ctf-stego 有哪些限制?

限制说明: Only Read the image after both checks pass.;限制说明: Validate first: Only Read the image after both checks pass;限制说明: Requires repository-specific context from the skill documentation。

安装步骤

  1. 1. 打开终端

    在你的项目目录中打开终端或命令行。

  2. 2. 执行安装命令

    运行:npx killer-skills add 26zl/cybersec-toolkit/ctf-stego。CLI 会自动识别 IDE 或 AI Agent 并完成配置。

  3. 3. 开始使用技能

    ctf-stego 已启用,可立即在当前项目中调用。

! 来源说明

此页面仍可作为安装与查阅参考。继续使用前,请结合上方适用场景、限制条件和上游仓库说明一起判断。

Upstream Repository Material

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Upstream Source

ctf-stego

安装 ctf-stego,这是一款面向AI agent workflows and automation的 AI Agent Skill。查看功能、使用场景、限制条件与安装命令。

SKILL.md
Readonly
Upstream Repository Material
The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.
Upstream Source

CTF stego methodology

0. CRITICAL — never Read an unvalidated image

Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

bash
1run_tool("file", "/path/to/image")
2run_tool("identify", "/path/to/image")     # ImageMagick
3# or run_script:
4# from PIL import Image; img = Image.open(path); print(img.size, img.mode)

Only Read the image after both checks pass.

1. Triage every input

bash
1file <file>
2xxd <file> | head -30
3exiftool <file>            # metadata — flag often hides here
4strings <file> | grep -i "ctf\|flag\|key\|pass" | head
5binwalk <file>             # multi-file polyglots

Always check metadata first. ~30% of intro stego is just exiftool.

2. Image (PNG / JPG / BMP / GIF)

TechniqueTool / approach
LSB in pixelszsteg (PNG/BMP), stegsolve
EOF data after IEND/EOIbinwalk -e, manual hex
JPG specificsteghide extract -sf <file> (often with empty pass), stegseek for brute
PNG color planesstegsolve (visual layer toggle)
LSB matching, customzsteg -a, then write custom Python with PIL
Polyglot (file with valid headers for multiple formats)binwalk, foremost
File appended after IEND chunk (PNG)pngcheck -v, manual carve
Modified/extra chunkspngcheck -v, pngcsum
Width/height tampering (PNG)edit IHDR width/height, recalc CRC — tweakpng style
bash
1# zsteg covers most LSB cases for PNG/BMP
2zsteg -a image.png
3
4# steghide brute (jpg/wav/bmp)
5stegseek image.jpg rockyou.txt
6
7# Multi-tool sweep
8stegsolve image.png        # GUI, manual layer toggle

3. Audio (WAV / MP3 / FLAC / OGG)

TechniqueTool
LSB in sampleswavsteg, custom python
Steghide payloadsteghide, stegseek
Spectrogram (visual hidden in freq domain)audacity view spectrogram, sonic-visualiser
DTMF tonesmultimon-ng -a DTMF, manual tone analysis
Morselisten by ear, then morse-decoder or manual
SSTV (slow-scan TV in audio)qsstv, slowrx
bash
1# Spectrogram via sox
2sox audio.wav -n spectrogram -o spec.png
3# Then validate spec.png before reading (see step 0)
4
5# DTMF
6multimon-ng -a DTMF audio.wav

4. Video / GIF

bash
1# Extract frames
2ffmpeg -i video.mp4 -vf fps=1 frames/frame_%04d.png
3
4# Per-frame stego
5for f in frames/*.png; do zsteg -a "$f" 2>/dev/null | grep -i "flag\|ctf"; done
6
7# Audio track
8ffmpeg -i video.mp4 -vn audio.wav
9# Then audio analysis

5. Text / Unicode

TechniqueTool
Zero-width characterszwsp-steg, manual unicode inspect
Whitespace stegosnow, stegsnow
Homoglyph substitutionunicode normalize + diff
Base-N nested encodingsciphey, manual
Bacon / null ciphermanual + dcode.fr
bash
1# Show every character including invisibles
2python3 -c "import sys; [print(repr(c), hex(ord(c))) for c in open(sys.argv[1]).read()]" file.txt

6. Less common

  • PDF: pdf-parser, peepdf, qpdf --qdf — check streams, annotations, JS, attachments
  • Office docs: oletools (olevba, oleid), oledump, unzip the .docx/.xlsx
  • QR / barcode: zbarimg, zxing — also try partial QR reconstruction
  • DNA/protein sequences: ROT/encoding tricks, decode A/C/G/T as base-4

7. Default workflow

  1. exiftool + strings + binwalk -e always first
  2. If image → zsteg -a (PNG/BMP) OR stegseek (JPG)
  3. If audio → spectrogram view
  4. If nothing obvious → stegsolve GUI for visual analysis
  5. If still nothing → metadata might encode the answer (look at GPS, comment, software field)

8. Don't waste time on

  • LSB scripts when zsteg exists
  • Manually viewing spectrograms in matplotlib when audacity/sonic-visualiser exist
  • Reading the image with Read before validation (see step 0)

After solve

Use the writeup-template skill.

相关技能

寻找 ctf-stego 的替代方案 (Alternative) 或可搭配使用的同类 community Skill?探索以下相关开源技能。

查看全部

openclaw-release-maintainer

Logo of openclaw
openclaw

本地化技能摘要: 🦞 # OpenClaw Release Maintainer Use this skill for release and publish-time workflow. It covers ai, assistant, crustacean workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

333.8k
0
AI

widget-generator

Logo of f
f

本地化技能摘要: Generate customizable widget plugins for the prompts.chat feed system # Widget Generator Skill This skill guides creation of widget plugins for prompts.chat . It covers ai, artificial-intelligence, awesome-list workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf

149.6k
0
AI

flags

Logo of vercel
vercel

本地化技能摘要: The React Framework # Feature Flags Use this skill when adding or changing framework feature flags in Next.js internals. It covers blog, browser, compiler workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

138.4k
0
浏览器

pr-review

Logo of pytorch
pytorch

本地化技能摘要: Usage Modes No Argument If the user invokes /pr-review with no arguments, do not perform a review . It covers autograd, deep-learning, gpu workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

98.6k
0
开发者工具