This is a solid playbook for testing UI redress vulnerabilities. It walks you through checking X-Frame-Options and CSP frame-ancestors headers, building transparent iframe PoCs, and bypassing frame-busting scripts with the sandbox attribute. The templates cover single-click, multi-step, and drag-and-drop scenarios, with specific targets like account deletion and OAuth consent pages. What makes it useful is the testing checklist and the honest framing that clickjacking is often marked low severity until you chain it with admin actions. If you're doing web app pentests and need to quickly validate whether sensitive pages can be framed, this gives you the detection logic and HTML snippets to prove it out.
npx skills add https://github.com/yaklang/hack-skills --skill clickjacking
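The header check mentioned above, written out as an added example (not code from the skill or its repository): it classifies a response's X-Frame-Options and CSP frame-ancestors headers the way a reviewer would when deciding whether a sensitive page is protected against framing. The function names, verdict labels and sample headers are assumptions constructed for illustration; header names are expected lowercased, with one policy per CSP header value.

```javascript
// Added example: classify anti-framing headers. All inputs are constructed.
// Assumes lowercased header names and a single policy per CSP header value.
function frameAncestors(csp) {
  // Return the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map((s) => s.toLowerCase());
  }
  return null;
}

function assessFraming(headers) {
  const notes = [];
  if (frameAncestors(headers['content-security-policy-report-only'])) {
    notes.push('frame-ancestors in a Report-Only policy is not enforced');
  }
  const fa = frameAncestors(headers['content-security-policy']);
  if (fa) {
    // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
    if (fa.length === 0 || (fa.length === 1 && fa[0] === "'none'")) {
      return { verdict: 'blocked', notes };
    }
    if (fa.some((s) => s === '*' || s === 'https:' || s === 'http:')) {
      notes.push('frame-ancestors allows any origin');
      return { verdict: 'frameable', notes };
    }
    if (fa.every((s) => s === "'self'")) return { verdict: 'same-origin-only', notes };
    return { verdict: 'allowlist', notes };
  }
  const xfo = [...new Set((headers['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toUpperCase()).filter(Boolean))];
  if (xfo.length > 1) {
    notes.push('multiple differing X-Frame-Options values; send exactly one');
    return { verdict: 'inconsistent', notes };
  }
  if (xfo[0] === 'DENY') return { verdict: 'blocked', notes };
  if (xfo[0] === 'SAMEORIGIN') return { verdict: 'same-origin-only', notes };
  if (xfo[0] && xfo[0].startsWith('ALLOW-FROM')) {
    notes.push('ALLOW-FROM is obsolete and ignored by current browsers');
  }
  notes.push('no enforced header restricts framing');
  return { verdict: 'frameable', notes };
}

// Constructed sample: a page that relies only on a Report-Only policy.
const sample = { 'content-security-policy-report-only': "frame-ancestors 'none'" };
console.log(assessFraming(sample));
```

A "frameable" verdict on a page that performs a state-changing action is the finding to fix, by sending an enforced frame-ancestors directive (with X-Frame-Options for older browsers) rather than relying on frame-busting scripts.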