Bounty Security Pattern Master Library

A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.

Install
cmdop skills install agensi-bounty-security-pattern-master-library

The Bounty Security Pattern Master Library is a skill that loads a machine-readable JSON dataset of 399 structured vulnerability patterns into an AI agent’s context, enabling targeted security audits and bug bounty research. The library covers classic web vulnerabilities mapped to CWE identifiers as well as emerging DeFi-specific attack categories including oracle manipulation paths, withdrawal accounting flaws, and cross-chain bridge redemption issues. A dedicated subset labeled “Monetrix” patterns addresses Hyperliquid-style and cross-chain protocol vulnerabilities that are not well represented in general-purpose security references.

For each pattern, the library provides exploitation hypotheses, root cause mappings, and false-positive checklists, which helps an agent move from generic code review toward reasoning about specific, exploitable scenarios. Agents can use the structured data to generate formatted audit summaries ready for triage or bounty platform submission, reducing manual effort in translating a finding into a reportable form.

The skill is designed for developers and security researchers who already have code or a protocol under review and want an agent to apply domain-specific knowledge rather than relying on a base LLM’s general security reasoning. Because no tools are exposed and no environment variables are required, the skill functions purely as a knowledge layer injected into the agent’s working context. It does not perform live scanning, connect to external APIs, or interact with any blockchain node.

Use cases

  • Use it to give an AI agent a structured reference library when auditing a Solidity smart contract for DeFi accounting bugs.
  • Use it to generate a formatted vulnerability report ready for submission to a bug bounty platform.
  • Use it to map suspicious code paths to CWE-identified vulnerability classes during a web application review.
  • Use it to check a candidate finding against false-positive checklists before spending time on a full proof-of-concept.
  • Use it to guide agent reasoning about cross-chain bridge and oracle trust assumptions in protocol audits.

When to use it

  • When auditing smart contracts or DeFi protocols where deep domain knowledge of accounting and cross-chain patterns is needed.
  • When a bug bounty researcher wants an agent to apply specific exploitation hypotheses rather than generic security advice.
  • When the workflow requires structured, submittable audit output rather than free-form commentary.
  • When reviewing code for CWE-mapped web vulnerabilities and needing a reference dataset the agent can reason against.

When not to use it

  • When live dynamic analysis or network scanning of a running system is required — this skill provides no tooling for active testing.
  • When the target is infrastructure, cloud configuration, or non-contract systems outside the skill's vulnerability pattern scope.
  • When a fully automated end-to-end scanner with direct code execution is needed; the skill is a knowledge layer, not an executor.
  • When no AI agent framework is in use — the skill has no standalone interface.