hunt-saml

Identifies and exploits SAML/SSO vulnerabilities, enhancing security assessments against XML Signature Wrapping and other attack patterns.

Security score: 55/100

The hunt-saml skill was audited on May 29, 2026 and we found 3 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.

Security Issues

medium line 67

Template literal with variable interpolation in command context

Source: SKILL.md
67: ```
high line 60

Access to /etc/passwd

Source: SKILL.md
60: <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
critical line 104

Access to /etc/passwd

Source: SKILL.md
104: - **`hunt-xxe`** — SAML assertions ARE XML; XXE in the assertion parser is a separate chain on top of XSW. Chain primitive: SAML parser without `disallow-doctype-decl` + `<!DOCTYPE foo [<!ENTITY xxe S
Scanned on May 29, 2026