This one gives Claude the protocol fundamentals, CSWSH exploitation flows, and tooling bridges for WebSocket penetration testing. You get handshake inspection patterns, an actual proof-of-concept JavaScript snippet for cross-site hijacking, and practical commands for wsrepl, ws-harness, and Burp extensions like SocketSleuth. The decision tree walks through Origin validation, session binding checks, and message fuzzing. It also covers WebSocket smuggling concepts for proxy bypass scenarios. Load it when you're dealing with real-time features, chat apps, live dashboards, or notification streams where the upgrade handshake and bidirectional channel create attack surface that traditional HTTP testing misses.
npx skills add https://github.com/yaklang/hack-skills --skill websocket-security