bb-methodology

Guides bug bounty hunters through a structured methodology to enhance critical thinking and improve finding impactful vulnerabilities.

Security score: 64/100

The bb-methodology skill was audited on May 26, 2026 and we found 4 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 240

Template literal with variable interpolation in command context

Source: SKILL.md
Line 240: 1. Try Error-based first (send `'`, `"`, `{{7*7}}`, `${7*7}`) -- watch for 500 errors, stack traces

high line 447

Template literal with variable interpolation in command context

Source: SKILL.md
Line 447: **Why:** zsh array expansion fails silently on edge cases. A loop like `for x in "${arr[@]}"` can produce zero iterations with no error if the array wasn't populated by the previous command. The user

medium line 90

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 90: - **Third-party integration**: Stripe/Auth0/Intercom -> webhook signature missing?

low line 221

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 221: +-- URL input / webhook / PDF gen

Scanned on May 26, 2026