# Claude Code Skills (Plugins)

HackenProof provides two Claude Code skills that automate triage workflows on top of the MCP server. Skills are high-level automation layers — they use the MCP tools under the hood but add structured workflows, policies, and decision-making logic.

#### Installation

1. Open a new Claude Code session
2. Run `/plugin`
3. Go to **Marketplace** — HackenProof skills will be listed
4. Browse and install both plugins (under current user)
5. Enable **auto-updates** so new versions are fetched automatically

Or add the marketplace manually — in your Claude Code settings, add `hackenproof-public/skills` as a marketplace source.

<figure><img src="/files/M7JgKuZRqgBqgrFSCdT4" alt=""><figcaption></figcaption></figure>

#### Skill 1: Triage (`hackenproof-triage`)

An interactive triage assistant that follows HackenProof's triage policy for each report. It handles:

* **Scope validation** — checks if the reported target and version are within program scope
* **Duplicate detection** — identifies potential duplicates across existing reports
* **PoC verification** — confirms whether a proof of concept is present when required
* **Severity assessment** — maps findings to the correct severity using HackenProof classification standards
* **Decision & comment** — applies the triage decision (state, severity, labels) and posts a policy-compliant comment

Invoke it with `/hackenproof-triage-marketplace` or just describe a triage task:

> "Triage report HACK-55 on company-name/program-name"

The skill knows HackenProof's global triage policy, severity mapping guidelines, and comment templates — so triage comments are consistent and professional.

#### Skill 2: Bulk Triage (`hackenproof-bulk-triage`)

Scans all open reports across multiple programs simultaneously, produces summaries, and proposes closure actions for review. Useful for:

* **Monitoring 10-20 bounty programs at once** — get a snapshot of all open tickets
* **Automated triage pipelines** — bulk review and propose actions without manual report-by-report inspection
* **Proactive SLA management** — catch reports before they breach SLA

**Setup**

Bulk triage requires a config file at `~/.claude/hackenproof-repos.yaml` that maps programs to local code repos and/or blockchain explorers:

```yaml
programs:
  near-intents-smart-contracts:
    repo: ~/hackenproof/bb/near/intents
    branch: main

  some-defi-protocol:
    explorer: https://etherscan.io/address/0xABC123...

  multipli-smart-contracts:
    repo: ~/hackenproof/bb/multipli/Barebones-MultipliVault
    branch: v2
    explorer: https://snowtrace.io/address/0xCF0Eb4...

  paused-program:
    repo: ~/hackenproof/bb/paused
    enabled: false
```

**Configuration fields:**

| Field      | Required | Description                                        |
| ---------- | -------- | -------------------------------------------------- |
| `repo`     | No       | Path to local git clone for source code validation |
| `branch`   | No       | Git branch to track (defaults to current branch)   |
| `explorer` | No       | Blockchain explorer URL for contract verification  |
| `enabled`  | No       | Set `false` to skip a program (default: `true`)    |

Program slugs come from dashboard URLs: `https://dashboard.hackenproof.com/manager/companies/{company}/{program-slug}/...`

Invoke with `/hackenproof-bulk-triage` — the skill discovers all open reports, analyzes each one, and outputs structured recommendations for human review. No changes are applied without your approval.

Full setup guide: [github.com/hackenproof-public/skills/.../setup-guide.md](https://github.com/hackenproof-public/skills/blob/main/plugins/hackenproof-bulk-triage/skills/hackenproof-bulk-triage/references/setup-guide.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hackenproof.com/dashboard/mcp-server/claude-code-skills-plugins.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.