awesome-claude-skills-security  by Eyadkelleh

Security testing toolkit for AI assistants

Created 5 months ago
259 stars

Top 97.7% on SourcePulse

Project Summary

This repository curates and packages essential security testing resources, primarily from the extensive SecLists project, into easily accessible Claude Code skills. It targets security professionals, penetration testers, CTF participants, bug bounty hunters, and AI/ML security researchers by providing immediate, organized access to wordlists, injection payloads, and patterns. The primary benefit is streamlining authorized security assessments and research workflows directly within the Claude Code environment, reducing the friction of managing large datasets manually.

How It Works

The project leverages the Claude Code plugin architecture to transform curated subsets of SecLists data into functional "skills." These skills are discoverable and installable via the skills.sh marketplace. Users interact with these skills through intuitive slash commands (e.g., /sqli-test, /xss-test) or natural language queries within Claude Code. This approach allows for rapid deployment and utilization of specific security testing tools and data, such as password lists or injection payloads, directly within an AI assistant's workflow, enhancing productivity for targeted security tasks.

Quick Start & Requirements

  • Primary Install: Integrate the collection as a Claude Code plugin marketplace using the command: /plugin marketplace add Eyadkelleh/awesome-claude-skills-security. Individual skills can then be installed from this marketplace.
  • Prerequisites: Claude Code CLI (latest version) is mandatory. Git is required if cloning the repository directly.
  • Relevant Links:
    • SecLists Official Repository: https://github.com/danielmiessler/SecLists
    • Claude Code Documentation: (Referenced within the README for platform-specific guidance)
    • skills.sh Marketplace: (Referenced as the distribution platform)

Highlighted Details

  • Comprehensive Skill Categories: Features 7 distinct categories covering Fuzzing, Passwords, Patterns, Payloads, Usernames, Web-shells, and specialized LLM Testing.
  • Direct Slash Commands: Offers 5 practical slash commands for immediate use, including /sqli-test, /xss-test, /wordlist, /webshell-detect, and /api-keys for quick vulnerability checks and data access.
  • Expert Agents: Integrates 3 specialized agents—Pentest Advisor, CTF Assistant, and Bug Bounty Hunter—to provide strategic guidance and assistance for complex scenarios.
  • Curated Content: Leverages essential wordlists and attack payloads from SecLists, alongside comprehensive AI/ML security testing prompts for bias detection, data leakage, and adversarial resistance.

Maintenance & Community

The foundational SecLists project is maintained by Daniel Miessler and a global security community. This specific curated collection is maintained by Eyadkelleh. Contributions, bug reports, and feature requests are managed via GitHub issues and pull requests. Further platform-specific support can be found in the Claude Code documentation.

Licensing & Compatibility

Distributed under the permissive MIT License, this collection inherits the terms from the original SecLists project, allowing for broad compatibility, including commercial use and integration into closed-source projects, provided that attribution is given and the license terms are followed. The skills are specifically engineered for seamless integration with the Claude Code platform.

Limitations & Caveats

Operation is contingent upon the presence and correct configuration of the Claude Code CLI. The project strongly emphasizes ethical and authorized usage; users bear full responsibility for securing explicit permissions before conducting any security testing activities. This repository offers a curated subset of the vast SecLists project, which contains significantly more data and resources.

Health Check

  • Last Commit: 2 months ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 2
  • Issues (30d): 1
  • Star History: 74 stars in the last 30 days
