
offsec-exploit-research

v1.0.3

Published

Elite adaptive whitebox exploit research skill for Claude Code and OpenCode. Classifies targets, loads domain-specific methodology, and hunts real vulnerabilities.

Readme

offsec-exploit-research

Elite adaptive whitebox exploit research skill for Claude Code and OpenCode.

Not a scanner. Not a checklist. A reusable exploit research framework that classifies your target and loads the correct attack methodology.


Install

npx offsec-exploit-research

That's it. The skill is installed globally and available in every project.


Use

Open Claude Code or OpenCode in any project:

  1. Type /skills to see the skill
  2. Ask: "audit this repo" or "find vulnerabilities"

The skill will:

  1. Fingerprint the target — language, framework, architecture, trust model
  2. Classify it — kernel? browser? distributed? web app? CLI? (16 categories)
  3. Load the right methodology — domain-specific exploit research, not a generic checklist
  4. Map attack surfaces — entry points, trust boundaries, external interfaces
  5. Generate exploit hypotheses — ranked by impact × exploitability × confidence
  6. Trace code paths — from attacker input to exploitable behavior (not grep)
  7. Validate — verify exploitability through deep code tracing, generate detailed PoC steps
  8. Synthesize chains — combine findings into realistic multi-step exploits
  9. Suppress noise — reject unreachable, theoretical, or unexploitable issues
  10. Report — structured findings with exact files, root cause, PoC, and remediation

Supported Targets

The skill adapts to fundamentally different software classes:

| Category | Examples |
|---|---|
| Systems / Kernel | Linux kernel, drivers, hypervisors |
| Browser / Sandbox | Chromium, Electron, renderer engines |
| Native Memory-Safety | C/C++ parsers, codecs, protocol handlers |
| Distributed Systems | Kubernetes, service mesh, message brokers |
| Proxy / Gateway | Zuul, Envoy, Nginx, HAProxy, Kong |
| Enterprise Backend | Spring, Django, Rails, ASP.NET, Express |
| Java Platform | Spring Boot, Jakarta EE, Apache middleware |
| .NET Platform | ASP.NET Core, Blazor, Azure Functions |
| CLI / Dev Tooling | Package managers, build tools, agents |
| PowerShell | PS modules, DSC, Windows automation |
| CI/CD | Jenkins, GitHub Actions, GitLab CI |
| Supply Chain | Dependency resolution, plugin systems |
| Container Runtime | runc, containerd, Docker, Podman |
| Cloud Control Plane | IAM, API servers, IaC tooling |
| Parsers | File formats, protocols, data formats |
| Serialization | Java/Python/.NET deserialization surfaces |
| Sandbox Boundaries | seccomp, namespaces, WASM, isolates |


What This Is NOT

  • ❌ SAST / regex scanner
  • ❌ OWASP checklist bot
  • ❌ Generic security review prompt
  • ❌ Noisy static analysis wrapper

What This IS

  • ✅ Exploit researcher mindset
  • ✅ Architecture-aware analysis
  • ✅ Domain-specific methodology
  • ✅ Real exploitability validation
  • ✅ False positive suppression
  • ✅ Exploit chain synthesis

License

MIT