Teaches Claude to exploit PHP's loose comparison operators and type coercion rules, the kind of stuff that shows up in legacy codebases and CTF challenges. When you hit authentication or token validation that uses `==` instead of `===`, this walks through magic hash collisions (like `md5('240610708') == md5('QNKCDZO')` both evaluating to 0e scientific notation), HMAC bypass via numeric coercion, and classic tricks like passing arrays to `strcmp`. Includes version-specific behavior across PHP 5, 7, and 8, since `0 == "foo"` changed semantics. The routing is sharp: it tells Claude to check for loose equality sinks first, then map to the right payload table. Honestly most useful for security audits and explaining why `hash_equals` exists, but the reference tables alone are worth keeping around.
npx skills add https://github.com/yaklang/hack-skills --skill type-juggling