Hacker

Hacker is an instruction-only offensive engagement framework for Cursor. It mimics the useful structure of offensive-claude - presets, Kill Chain phases, role handoffs, quality gates, and report artifacts - while keeping this repo's authorization-first safety model.

It does not provide scanners, exploit code, validators, payload builders, or local runner scripts. The agent supplies judgment, asks for scope when needed, delegates focused research to subagents, and only proposes or executes actions that fit written scope and non-destructive rules of engagement.

This skill replaces the previous defensive audit orchestrator. Use validate-findings mode when you have deduplicated defensive findings and want exploitability research; use engagement mode for a scoped offensive workflow.

Not a blind scanner. Not a jailbreak or permission bypass. Not runnable against production without explicit written scope. recon-security remains the focused live external recon and pentest skill; hacker orchestrates broader scoped engagements and sandbox validation.

When to use

• User asks for an authorized offensive security engagement, red-team plan, pentest workflow, or Kill Chain style assessment.
• User wants a preset-driven workflow for web app, network, cloud, mobile, Active Directory, bug bounty, or red-team work.
• Defensive audit found issues and the user wants to know which are actually exploitable.
• User asks to run an autoresearch loop, an iterative or multi-pass hypothesis loop, or to loop over findings for a bounded number of cycles.
• Bug bounty or IDOR claim needs sandbox reproduction before payout.
• You need parallel subagents for attack-path planning, exploitability research, validation plans, evidence review, or reporting.