hunt-saml

Identifies and exploits SAML/SSO vulnerabilities, enhancing security assessments against XML Signature Wrapping and other attack vectors.

Security score: 55/100

The hunt-saml skill was audited on Jun 10, 2026 and we found 3 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.

Security Issues

medium line 71

Template literal with variable interpolation in command context

Source: SKILL.md
71: ```

high line 64

Access to /etc/passwd

Source: SKILL.md
64: <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>

critical line 108

Access to /etc/passwd

Source: SKILL.md
108: - **`hunt-xxe`** — SAML assertions ARE XML; XXE in the assertion parser is a separate chain on top of XSW. Chain primitive: SAML parser without `disallow-doctype-decl` + `<!DOCTYPE foo [<!ENTITY xxe S

Scanned on Jun 10, 2026