This is an LLM-powered pentesting agent that won 4th place and achieved a unique "AK" (all challenges solved) at Tencent's Cloud Hackathon intelligent penetration challenge. It's built on a ReAct loop in which the model reasons about targets, selects tools like nmap and sqlmap, executes them, and interprets the results to chain together multi-step exploits. According to the repo, the code is still being organized and is not fully open-sourced yet, but the architecture is documented in the team's competition writeup. If you're exploring autonomous security testing or CTF automation, this is an interesting reference implementation from a team that clearly knows what they're doing. Just be aware that the codebase is in flux.
npx skills add https://github.com/aradotso/trending-skills --skill cairn-ai-pentest