← ClaudeAtlas

poclisted

Empirical proof-of-concept for the PoC-ready findings. For each finding /verify marked confirmed-exploitable or inconclusive, synthesize a minimal harness that triggers the bug; a host script then runs it in a sandbox (Docker --network none when present, else a gated local run) and classifies the crash into a proof verdict. Attaches a poc block onto each finding. Requires /verify first.
allsmog/kuzushi-security-plugin · ★ 0 · AI & Automation · score 64
Install: claude install-skill allsmog/kuzushi-security-plugin
# PoC Build and empirically run proof-of-concepts for the PoC-ready findings. 1. Run `node "${CLAUDE_PLUGIN_ROOT}/scripts/cmd/poc-prepare.mjs" --target "<repo root>"`. If it reports no PoC-ready findings, tell the user to run `/verify` first and stop. 2. Read the prep's `prepPath`. Note its `sandbox` field (`docker` / `local` / `none`) — it tells you whether the harness will actually run. For **each** candidate, write the **smallest harness that triggers the bug** described in its `verification.pocSketch` into the candidate's `harnessDir` (write files only there — never edit application code), and record it in the draft. Also wire a **negative control**: emit a `negativeRunCommand` that drives the same harness with the finding's `verification.negativePoc` (the benign, in-spec input). The host runs both — the attack must fire while the control stays clean; a harness that fires on both is scored `non-discriminating` and does **not** advance the finding. 3. Write the `{ candidates: [...] }` bundle to the prep's `draftPath`, then run the `assembleCommand`. The host script (not you) runs each harness in the sandbox, classifies the result (differentially when a negative control is present), persists `.kuzushi/poc.json` with run logs, and attaches a `poc` block onto each finding. 4. Report the proof verdict + level per finding (and which were `exploited`). If `sandbox` was `none`, note the harnesses were written but not executed — the user can r