Hunt business logic vulnerabilities
hunt-business-logic · skill · setup · L1 · ★ 1,791
elementalsouls/Claude-BugHunter
What it does
Hunting skill for business logic vulnerabilities. Built
Best for
Use for hunting business logic vulnerabilities. Built from 12 public bug bounty reports. Covers coupon-race-stacking (Instacart, Stripe, Reverb), negative-quantity-in-cart price tampering (Upserve, Eternal/Zomato), decimal/fraction price-field overflow (Shipt), client-side checkout amount trust on PayPal redirect (WordPress.org), price-per-unit mass-assignment (Krisp), and archived-price swap / cart-TOCTOU (Stripe). Use when hunting business logic, with heavy emphasis on financial-impact-demonstrated cases.
Inputs
- target
- test vectors
- payloads
Outputs
- vulnerability report
- PoC code
- impact assessment
Requires
- curl
- HTTP client
Preconditions
Required dependencies and environment setup; see body for details
Failure modes
See documentation for known limitations and edge cases
Trust signals
- Skill: skill
- Repository: elementalsouls/Claude-BugHunter