{ "schemaVersion": "1.0", "item": { "slug": "ctf-writeup-generator", "name": "CTF Writeup Generator", "source": "tencent", "type": "skill", "category": "内容创作", "sourceUrl": "https://clawhub.ai/akhmittra/ctf-writeup-generator", "canonicalUrl": "https://clawhub.ai/akhmittra/ctf-writeup-generator", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/ctf-writeup-generator", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ctf-writeup-generator", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "example_writeup.md", "QUICKSTART.md", "README.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/ctf-writeup-generator" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/ctf-writeup-generator", "agentPageUrl": "https://openagent3.xyz/skills/ctf-writeup-generator/agent", "manifestUrl": "https://openagent3.xyz/skills/ctf-writeup-generator/agent.json", "briefUrl": "https://openagent3.xyz/skills/ctf-writeup-generator/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Description", "body": "This skill helps CTF players, security researchers, and cybersecurity educators automatically generate professional writeups from their solving sessions. It intelligently detects flag formats, categorizes challenges, structures the writeup with proper headings, and includes code blocks with syntax highlighting.\n\nPerfect for:\n\nCreating platform-specific writeups (HackTheBox, TryHackMe, OffSec, etc.)\nDocumenting Jeopardy-style CTF solutions\nGenerating educational content for training materials\nBuilding a portfolio of security research" }, { "title": "When to Use", "body": "Use this skill when the user:\n\nSays \"generate a CTF writeup\"\nMentions \"document my CTF solution\"\nAsks to \"create a writeup for [challenge name]\"\nReferences completing a CTF challenge and needs documentation\nWants to format their solving process professionally\nNeeds to extract and format flags from their notes" }, { "title": "Flag Format Detection", "body": "Automatically detects and validates common CTF flag formats:\n\nCTF{...}, FLAG{...}, flag{...}\nPlatform-specific: HTB{...}, THM{...}, SHAASTRA{...}, picoCTF{...}\nCustom regex patterns for competition-specific formats\nCase-sensitive validation support" }, { "title": "Challenge Categories", "body": "Automatically categorizes based on keywords and tools used:\n\nWeb Exploitation: SQL injection, XSS, CSRF, authentication bypass\nBinary Exploitation: Buffer overflow, ROP, format strings, heap exploitation\nReverse Engineering: Binary analysis, decompilation, obfuscation\nCryptography: Classical ciphers, modern crypto, hash cracking\nForensics: Steganography, memory forensics, network analysis, disk imaging\nOSINT: Information gathering, social media analysis\nPWN: Exploitation, shellcode, privilege escalation\nMiscellaneous: Mixed or unique challenge types" }, { "title": "Structured Output", "body": "Generates properly formatted markdown writeups with:\n\nChallenge metadata (name, category, difficulty, points)\nExecutive summary\nReconnaissance findings\nStep-by-step solution with code blocks\nTools used section\nFlag submission\nKey learnings and takeaways\nOptional: Additional resources and references" }, { "title": "Code Formatting", "body": "Proper syntax highlighting for:\n\nPython, Bash, JavaScript, C/C++\nAssembly (x86, ARM)\nSQL queries\nCommand-line tools output\nNetwork packet analysis" }, { "title": "Instructions", "body": "When a user requests a CTF writeup, follow this workflow:\n\nGather Information\nAsk the user for:\n\nChallenge name\nPlatform/CTF name (e.g., \"HackTheBox\", \"Shaastra CTF\")\nCategory (or detect from description)\nDifficulty level (Easy/Medium/Hard or points value)\nFlag format if non-standard\nTheir solving process/notes\n\n\n\nProcess the Content\n\nExtract technical steps from their description\nIdentify tools and commands used\nDetect flag format and validate\nCategorize the challenge\nStructure the flow logically\n\n\n\nGenerate the Writeup\nCreate a markdown document with this structure:\n# [Challenge Name] - [Platform] CTF Writeup\n\n**Author**: [Author name or handle] \n**Date**: [Current date] \n**Category**: [Category] \n**Difficulty**: [Difficulty] \n**Points**: [Points if applicable]\n\n## Summary\n\n[2-3 sentence overview of the challenge and solution approach]\n\n## Challenge Description\n\n[Original challenge description if provided]\n\n## Reconnaissance\n\n[Initial enumeration and information gathering]\n\n## Solution\n\n### Step 1: [Phase name]\n\n[Detailed explanation with commands/code]\n\n```bash\n# Commands used\n\nStep 2: [Next phase]\n[Continue with logical progression]\nTools Used\n\nTool 1: Purpose\nTool 2: Purpose\n\nFlag\nFLAG{...}\n\nKey Takeaways\n\nLearning point 1\nLearning point 2\n\nReferences\n\n[Relevant links]\n\n\n\n\nValidate and Enhance\n\nCheck flag format matches the platform\nEnsure code blocks have proper syntax highlighting\nAdd explanatory comments to complex commands\nInclude alternative approaches if mentioned\n\n\n\nSave the Writeup\nSave the generated writeup to a markdown file named:\n[platform]_[challenge-name]_writeup.md" }, { "title": "Step 2: [Next phase]", "body": "[Continue with logical progression]" }, { "title": "Tools Used", "body": "Tool 1: Purpose\nTool 2: Purpose" }, { "title": "Flag", "body": "FLAG{...}" }, { "title": "Key Takeaways", "body": "Learning point 1\nLearning point 2" }, { "title": "References", "body": "[Relevant links]" }, { "title": "Example Usage", "body": "User: \"I just solved the 'Binary Bash' challenge from Shaastra CTF. It was a buffer overflow where I had to overwrite the return address. The flag was Shaastra{buff3r_0v3rfl0w_m4st3r}. Can you generate a writeup?\"\n\nAgent Response:\n\nAsks for additional details (tools used, exact exploit steps)\nGenerates a professional writeup with:\n\nProper challenge metadata\nBinary exploitation category\nStep-by-step buffer overflow explanation\nCode blocks with assembly/C code\nGDB commands used\nFlag in correct format\nLearning points about memory safety" }, { "title": "HackTheBox", "body": "Include machine IP, OS, and difficulty rating\nAdd user/root flag sections\nInclude attack path diagram if complex" }, { "title": "OffSec/OSCP", "body": "Focus on enumeration methodology\nDocument privilege escalation chains\nInclude proof screenshots references" }, { "title": "Jeopardy CTF", "body": "List point values and solve times\nInclude team strategy if relevant\nCategorize by challenge type" }, { "title": "Multi-Tool Integration", "body": "Reference other skills for specific tasks:\n\nghidra-skill for reverse engineering analysis\nburpsuite-skill for web exploitation\nvolatility-skill for memory forensics" }, { "title": "Writeup Templates", "body": "Support for different writeup styles:\n\nAcademic: Detailed with theoretical background\nSpeedrun: Concise with just essential steps\nTutorial: Beginner-friendly with extra explanations\nPortfolio: Professional format for job applications" }, { "title": "Export Formats", "body": "Standard Markdown (.md)\nPDF via pandoc\nHTML with custom CSS\nPlatform-specific formats (HTB Academy, Medium, dev.to)" }, { "title": "Security Considerations", "body": "Never include actual credentials or sensitive API keys\nSanitize paths that might reveal system information\nRespect competition rules (don't publish during active CTF)\nAdd spoiler warnings for recent challenges\nVerify flag sharing is allowed by platform" }, { "title": "Configuration", "body": "Users can customize via environment variables:\n\n# Set default author name\nexport CTF_AUTHOR=\"akm626\"\n\n# Set default CTF platform\nexport CTF_PLATFORM=\"HackTheBox\"\n\n# Set preferred writeup style\nexport CTF_WRITEUP_STYLE=\"tutorial\"\n\n# Enable automatic screenshot embedding\nexport CTF_AUTO_SCREENSHOTS=true" }, { "title": "Dependencies", "body": "Basic markdown processor (built-in)\nOptional: pandoc (for PDF export)\nOptional: pygments (for enhanced syntax highlighting)" }, { "title": "Tips for Best Results", "body": "Provide detailed solving notes - the more context, the better\nInclude command outputs when relevant\nMention dead-ends and why they failed (valuable learning)\nReference CVEs and tool documentation\nAdd your unique insights and methodology\nKeep flag formats consistent with the platform" }, { "title": "Example Writeup Structure", "body": "For a web exploitation challenge:\n\n# SQL Injection Master - Shaastra CTF 2026\n\n**Author**: akm626 \n**Date**: February 08, 2026 \n**Category**: Web Exploitation \n**Difficulty**: Medium \n**Points**: 300\n\n## Summary\n\nThis challenge involved exploiting a SQL injection vulnerability in a login form to extract database contents and retrieve the flag. The application used client-side filtering which was easily bypassed.\n\n## Challenge Description\n\n[Original description...]\n\n## Reconnaissance\n\nInitial enumeration revealed a PHP-based login portal running on Apache. Basic directory fuzzing found:\n\n```bash\nffuf -w common.txt -u http://target.com/FUZZ\n\nadmin/\nbackup/\nconfig/" }, { "title": "Step 1: Identifying the Injection Point", "body": "Testing the login form with basic SQL injection payloads:\n\n' OR '1'='1' --\nadmin' --\n' UNION SELECT NULL--" }, { "title": "Step 2: Database Enumeration", "body": "Used SQLMap to automate extraction:\n\nsqlmap -u \"http://target.com/login.php\" --data=\"username=admin&password=test\" \\\n --technique=U --dump --batch\n\n[Continue with detailed steps...]" }, { "title": "Flag", "body": "SHAASTRA{sql_inj3ct10n_pr0}" }, { "title": "Key Takeaways", "body": "Always test for SQL injection on input fields\nClient-side validation is not security\nParameterized queries prevent SQL injection" }, { "title": "Tools Used", "body": "Burp Suite: Request interception\nSQLMap: Automated SQL injection\nffuf: Directory fuzzing" }, { "title": "References", "body": "OWASP SQL Injection Guide\nSQLMap Documentation\n\n## Contributing\n\nUsers can improve this skill by:\n- Adding new flag format patterns\n- Contributing platform-specific templates\n- Enhancing categorization logic\n- Sharing example writeups\n\n## License\n\nMIT License - Free to use and modify\n\n## Support\n\nFor issues or suggestions, contact the skill maintainer or file an issue on the GitHub repository." } ], "body": "CTF Writeup Generator\nDescription\n\nThis skill helps CTF players, security researchers, and cybersecurity educators automatically generate professional writeups from their solving sessions. It intelligently detects flag formats, categorizes challenges, structures the writeup with proper headings, and includes code blocks with syntax highlighting.\n\nPerfect for:\n\nCreating platform-specific writeups (HackTheBox, TryHackMe, OffSec, etc.)\nDocumenting Jeopardy-style CTF solutions\nGenerating educational content for training materials\nBuilding a portfolio of security research\nWhen to Use\n\nUse this skill when the user:\n\nSays \"generate a CTF writeup\"\nMentions \"document my CTF solution\"\nAsks to \"create a writeup for [challenge name]\"\nReferences completing a CTF challenge and needs documentation\nWants to format their solving process professionally\nNeeds to extract and format flags from their notes\nFeatures\nFlag Format Detection\n\nAutomatically detects and validates common CTF flag formats:\n\nCTF{...}, FLAG{...}, flag{...}\nPlatform-specific: HTB{...}, THM{...}, SHAASTRA{...}, picoCTF{...}\nCustom regex patterns for competition-specific formats\nCase-sensitive validation support\nChallenge Categories\n\nAutomatically categorizes based on keywords and tools used:\n\nWeb Exploitation: SQL injection, XSS, CSRF, authentication bypass\nBinary Exploitation: Buffer overflow, ROP, format strings, heap exploitation\nReverse Engineering: Binary analysis, decompilation, obfuscation\nCryptography: Classical ciphers, modern crypto, hash cracking\nForensics: Steganography, memory forensics, network analysis, disk imaging\nOSINT: Information gathering, social media analysis\nPWN: Exploitation, shellcode, privilege escalation\nMiscellaneous: Mixed or unique challenge types\nStructured Output\n\nGenerates properly formatted markdown writeups with:\n\nChallenge metadata (name, category, difficulty, points)\nExecutive summary\nReconnaissance findings\nStep-by-step solution with code blocks\nTools used section\nFlag submission\nKey learnings and takeaways\nOptional: Additional resources and references\nCode Formatting\n\nProper syntax highlighting for:\n\nPython, Bash, JavaScript, C/C++\nAssembly (x86, ARM)\nSQL queries\nCommand-line tools output\nNetwork packet analysis\nInstructions\n\nWhen a user requests a CTF writeup, follow this workflow:\n\nGather Information Ask the user for:\n\nChallenge name\nPlatform/CTF name (e.g., \"HackTheBox\", \"Shaastra CTF\")\nCategory (or detect from description)\nDifficulty level (Easy/Medium/Hard or points value)\nFlag format if non-standard\nTheir solving process/notes\n\nProcess the Content\n\nExtract technical steps from their description\nIdentify tools and commands used\nDetect flag format and validate\nCategorize the challenge\nStructure the flow logically\n\nGenerate the Writeup Create a markdown document with this structure:\n\n# [Challenge Name] - [Platform] CTF Writeup\n\n**Author**: [Author name or handle] \n**Date**: [Current date] \n**Category**: [Category] \n**Difficulty**: [Difficulty] \n**Points**: [Points if applicable]\n\n## Summary\n\n[2-3 sentence overview of the challenge and solution approach]\n\n## Challenge Description\n\n[Original challenge description if provided]\n\n## Reconnaissance\n\n[Initial enumeration and information gathering]\n\n## Solution\n\n### Step 1: [Phase name]\n\n[Detailed explanation with commands/code]\n\n```bash\n# Commands used\n\nStep 2: [Next phase]\n\n[Continue with logical progression]\n\nTools Used\nTool 1: Purpose\nTool 2: Purpose\nFlag\nFLAG{...}\n\nKey Takeaways\nLearning point 1\nLearning point 2\nReferences\n[Relevant links]\n\nValidate and Enhance\n\nCheck flag format matches the platform\nEnsure code blocks have proper syntax highlighting\nAdd explanatory comments to complex commands\nInclude alternative approaches if mentioned\n\nSave the Writeup Save the generated writeup to a markdown file named: [platform]_[challenge-name]_writeup.md\n\nExample Usage\n\nUser: \"I just solved the 'Binary Bash' challenge from Shaastra CTF. It was a buffer overflow where I had to overwrite the return address. The flag was Shaastra{buff3r_0v3rfl0w_m4st3r}. Can you generate a writeup?\"\n\nAgent Response:\n\nAsks for additional details (tools used, exact exploit steps)\nGenerates a professional writeup with:\nProper challenge metadata\nBinary exploitation category\nStep-by-step buffer overflow explanation\nCode blocks with assembly/C code\nGDB commands used\nFlag in correct format\nLearning points about memory safety\nPlatform-Specific Templates\nHackTheBox\nInclude machine IP, OS, and difficulty rating\nAdd user/root flag sections\nInclude attack path diagram if complex\nOffSec/OSCP\nFocus on enumeration methodology\nDocument privilege escalation chains\nInclude proof screenshots references\nJeopardy CTF\nList point values and solve times\nInclude team strategy if relevant\nCategorize by challenge type\nAdvanced Features\nMulti-Tool Integration\nReference other skills for specific tasks:\nghidra-skill for reverse engineering analysis\nburpsuite-skill for web exploitation\nvolatility-skill for memory forensics\nWriteup Templates\n\nSupport for different writeup styles:\n\nAcademic: Detailed with theoretical background\nSpeedrun: Concise with just essential steps\nTutorial: Beginner-friendly with extra explanations\nPortfolio: Professional format for job applications\nExport Formats\nStandard Markdown (.md)\nPDF via pandoc\nHTML with custom CSS\nPlatform-specific formats (HTB Academy, Medium, dev.to)\nSecurity Considerations\nNever include actual credentials or sensitive API keys\nSanitize paths that might reveal system information\nRespect competition rules (don't publish during active CTF)\nAdd spoiler warnings for recent challenges\nVerify flag sharing is allowed by platform\nConfiguration\n\nUsers can customize via environment variables:\n\n# Set default author name\nexport CTF_AUTHOR=\"akm626\"\n\n# Set default CTF platform\nexport CTF_PLATFORM=\"HackTheBox\"\n\n# Set preferred writeup style\nexport CTF_WRITEUP_STYLE=\"tutorial\"\n\n# Enable automatic screenshot embedding\nexport CTF_AUTO_SCREENSHOTS=true\n\nDependencies\nBasic markdown processor (built-in)\nOptional: pandoc (for PDF export)\nOptional: pygments (for enhanced syntax highlighting)\nTips for Best Results\nProvide detailed solving notes - the more context, the better\nInclude command outputs when relevant\nMention dead-ends and why they failed (valuable learning)\nReference CVEs and tool documentation\nAdd your unique insights and methodology\nKeep flag formats consistent with the platform\nExample Writeup Structure\n\nFor a web exploitation challenge:\n\n# SQL Injection Master - Shaastra CTF 2026\n\n**Author**: akm626 \n**Date**: February 08, 2026 \n**Category**: Web Exploitation \n**Difficulty**: Medium \n**Points**: 300\n\n## Summary\n\nThis challenge involved exploiting a SQL injection vulnerability in a login form to extract database contents and retrieve the flag. The application used client-side filtering which was easily bypassed.\n\n## Challenge Description\n\n[Original description...]\n\n## Reconnaissance\n\nInitial enumeration revealed a PHP-based login portal running on Apache. Basic directory fuzzing found:\n\n```bash\nffuf -w common.txt -u http://target.com/FUZZ\n\nadmin/\nbackup/\nconfig/\n\nSolution\nStep 1: Identifying the Injection Point\n\nTesting the login form with basic SQL injection payloads:\n\n' OR '1'='1' --\nadmin' --\n' UNION SELECT NULL--\n\nStep 2: Database Enumeration\n\nUsed SQLMap to automate extraction:\n\nsqlmap -u \"http://target.com/login.php\" --data=\"username=admin&password=test\" \\\n --technique=U --dump --batch\n\n\n[Continue with detailed steps...]\n\nFlag\nSHAASTRA{sql_inj3ct10n_pr0}\n\nKey Takeaways\nAlways test for SQL injection on input fields\nClient-side validation is not security\nParameterized queries prevent SQL injection\nTools Used\nBurp Suite: Request interception\nSQLMap: Automated SQL injection\nffuf: Directory fuzzing\nReferences\nOWASP SQL Injection Guide\nSQLMap Documentation\n\n## Contributing\n\nUsers can improve this skill by:\n- Adding new flag format patterns\n- Contributing platform-specific templates\n- Enhancing categorization logic\n- Sharing example writeups\n\n## License\n\nMIT License - Free to use and modify\n\n## Support\n\nFor issues or suggestions, contact the skill maintainer or file an issue on the GitHub repository." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/akhmittra/ctf-writeup-generator", "publisherUrl": "https://clawhub.ai/akhmittra/ctf-writeup-generator", "owner": "akhmittra", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/ctf-writeup-generator", "downloadUrl": "https://openagent3.xyz/downloads/ctf-writeup-generator", "agentUrl": "https://openagent3.xyz/skills/ctf-writeup-generator/agent", "manifestUrl": "https://openagent3.xyz/skills/ctf-writeup-generator/agent.json", "briefUrl": "https://openagent3.xyz/skills/ctf-writeup-generator/agent.md" } }