This is the playbook for finding bugs scanners never catch: race conditions, price manipulation, workflow bypasses, and state machine gaps. You load it when hunting business logic flaws in checkout flows, coupon systems, multi-step auth, or anywhere trust lives client-side. The main file gives you the attack surface (negative quantities, integer overflows, decimal exploits), METHODOLOGY.md walks through the five-phase workflow and attack matrix, CHECKLIST.md has per-module line items, and SCENARIOS.md drills into payment precision bugs, captcha bypass, password reset flaws, and Turbo Intruder patterns for SMS bombing. Real cases included, like the 0.02 quantity trick that bought ¥500 items for ¥10. This is human-reasoning work, not automation.
npx skills add https://github.com/yaklang/hack-skills --skill business-logic-vulnerabilities