Claude Code Skills (Plugins)
HackenProof provides two Claude Code skills that automate triage workflows on top of the MCP server. Skills are high-level automation layers — they use the MCP tools under the hood but add structured workflows, policies, and decision-making logic.
Installation
Open a new Claude Code session
Run /plugin
Go to Marketplace — HackenProof skills will be listed
Browse and install both plugins (under current user)
Enable auto-updates so new versions are fetched automatically
Or add the marketplace manually — in your Claude Code settings, add hackenproof-public/skills as a marketplace source.

Skill 1: Triage (hackenproof-triage)
An interactive triage assistant that follows HackenProof's triage policy for each report. It handles:
Scope validation — checks if the reported target and version are within program scope
Duplicate detection — identifies potential duplicates across existing reports
PoC verification — confirms whether a proof of concept is present when required
Severity assessment — maps findings to the correct severity using HackenProof classification standards
Decision & comment — applies the triage decision (state, severity, labels) and posts a policy-compliant comment
Invoke it with /hackenproof-triage-marketplace or just describe a triage task:
"Triage report HACK-55 on company-name/program-name"
The skill knows HackenProof's global triage policy, severity mapping guidelines, and comment templates — so triage comments are consistent and professional.
Skill 2: Bulk Triage (hackenproof-bulk-triage)
Scans all open reports across multiple programs simultaneously, produces summaries, and proposes closure actions for review. Useful for:
Monitoring 10-20 bounty programs at once — get a snapshot of all open tickets
Automated triage pipelines — bulk review and propose actions without manual report-by-report inspection
Proactive SLA management — catch reports before they breach SLA
Setup
Bulk triage requires a config file at ~/.claude/hackenproof-repos.yaml that maps programs to local code repos and/or blockchain explorers:
Configuration fields:
| Field | Required | Description |
| --- | --- | --- |
| repo | No | Path to local git clone for source code validation |
| branch | No | Git branch to track (defaults to current branch) |
| explorer | No | Blockchain explorer URL for contract verification |
| enabled | No | Set false to skip a program (default: true) |
Program slugs come from dashboard URLs: https://dashboard.hackenproof.com/manager/companies/{company}/{program-slug}/...
Invoke with /hackenproof-bulk-triage — the skill discovers all open reports, analyzes each one, and outputs structured recommendations for human review. No changes are applied without your approval.
Full setup guide: github.com/hackenproof-public/skills/.../setup-guide.md