How to install business-logic-vuln
npx skills add https://github.com/yaklang/hack-skills --skill business-logic-vulnClaude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)
Source of truth, from yaklang/hack-skills.
name: business-logic-vuln description: >- Entry P1 category router for business logic testing. Use when workflow abuse, race conditions, pricing flaws, or multi-step state attacks matter more than parser-level input injection.
Business Logic Router
This is the routing entry point for business-logic and state-machine issues.
When to Use
- The target involves coupons, inventory, payment, approvals, quotas, invites, trials, or state transitions
- The issue is not parser-level; it is about when checks happen and which business conditions are checked
- You suspect race conditions, workflow bypass, price tampering, negative values, stacked discounts, or multi-step flaws
Skill Map
Recommended Flow
- First map key business states and one-time actions
- Then check for check-then-act windows, sequence dependencies, or missing cross-step authorization
- If the chain depends on APIs, uploads, or object permissions, return to the corresponding router skill to complete the path
Related Categories
Related skills
More from yaklang/hack-skills and the wider catalog.
HA
hack
yaklang/hack-skills
>-
1.9k installs
SQ
sqli-sql-injection
yaklang/hack-skills
>-
1.8k installs
CO
code-obfuscation-deobfuscation
yaklang/hack-skills
>-
1.8k installs
AP
api-sec
yaklang/hack-skills
>-
1.8k installsAudited
AN
android-pentesting-tricks
yaklang/hack-skills
>-
1.8k installs
XS
xss-cross-site-scripting
yaklang/hack-skills
>-
1.8k installs