0xPira / SSKills

Public

SSkills (Slop Skills) is a public collection of specialist skills for security agents and human reviewers. Each skill packages structured domain knowledge, sources, examples, safety gates, and validation scripts to help turn noisy security signals into clear triage decisions, rejected false positives, and bounded manual proof contracts.

100% credibility

Found May 28, 2026 at 16 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

JavaScript

AI Summary

SSkills is a collection of public, safety-first specialist knowledge bases for security agents and reviewers, starting with an HTTP Request Smuggling/Desync specialist, designed to provide triage and classification guidance without automated exploit generation.

Star Growth

See how this repo grew from 16 to 13 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is SSkills?

SSkills (Slop Skills) is a JavaScript framework for packaging specialist security knowledge into reusable, validated skill modules. Think of it as a structured knowledge base designed for security agents and human reviewers to triage findings without generating exploits automatically. Each skill includes triage routers, safety gates, structured output schemas, and compact technique documentation. The first available skill focuses on HTTP request smuggling and desync vulnerabilities, covering parser discrepancies, protocol boundaries, and manual proof contracts.

Why is it gaining traction?

The project fills a gap between raw vulnerability scanners and human expert analysis. Instead of flooding analysts with noisy signals, SSkills provides bounded triage workflows that reject false positives early and produce clear decision contracts. The safety-first design is intentional -- no automatic malformed framing or victim traffic manipulation. Developers building security automation pipelines will appreciate the structured output format that makes downstream processing predictable. The validation tooling ensures skills stay consistent as the knowledge base grows.

Who should use this?

Security teams running automated triage pipelines need structured decision frameworks, not just raw findings. DevSecOps engineers integrating security agents into CI/CD workflows will find the bounded output contracts useful. Bug bounty hunters and penetration testers can use the technique cards for structured research documentation. It is less useful for general application developers or teams without dedicated security analysis workflows.

Verdict

At 13 stars with only one implemented skill, SSkills is early-stage and unproven at scale. The 1.0% credibility score reflects this limited adoption and community validation. The framework design is sound and the safety-first approach is responsible, but until more skills exist and real-world usage validates the approach, treat this as a promising prototype rather than production infrastructure. Watch this space if security agent tooling interests you.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

Stars

Forks

Followers

Base stars: 13 stars

Penalty: Very new repo (0d): -70%

Bonus: AI verified quality (100%)

Account age: 503 days

Repo age: 0 days

License: MIT

Updated: May 28, 2026