{"id":"d460447d-5d3c-4f28-8800-a41c2c6a0104","shortId":"y9g49s","kind":"skill","title":"Run autonomous white-box pentests against web apps and APIs with Shannon","tagline":"Analyze a web app's source code, execute real exploit attempts against the running target, and return proof-backed findings before release.","description":"# Run autonomous white-box pentests against web apps and APIs with Shannon\n\nAnalyze a web app's source code, execute real exploit attempts against the running target, and return proof-backed findings before release.\n\n## Prerequisites\n\nNode.js 18+, Docker, target web app URL, local source repository, model/API credentials supported by Shannon\n\n## Installation\n\nRequirements and caveats from upstream:\n- **Data Flow Analysis (SAST)**: Identifies sources (user input, API requests) and sinks (SQL queries, command execution), then traces paths between them. At each node, an LLM evaluates whether the specific sanitization...\n- | **Analysis Engine** | Code review prompting | CPG-based data flow with LLM reasoning at every node |\n- [Prerequisites](#prerequisites)\n\nBasic usage or getting-started notes:\n- Shannon closes that gap by providing on-demand, automated penetration testing that can run against every build or release.\n- **Parallel Processing**: Vulnerability analysis and exploitation phases run concurrently across all attack categories.\n- [Setup & Usage Instructions](#setup--usage-instructions)\n\n- Source: https://github.com/KeygraphHQ/shannon\n- Extracted from upstream docs: https://raw.githubusercontent.com/KeygraphHQ/shannon/HEAD/README.md\n\n## Documentation\n\n- https://keygraph.io/\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon/)","tags":["run","autonomous","white","box","pentests","against","web","apps","and","apis","with","shannon"],"capabilities":["skill","source-agentskillexchange","skill-run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,448 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:10.413Z","embedding":null,"createdAt":"2026-05-18T13:18:57.209Z","updatedAt":"2026-05-18T19:12:10.413Z","lastSeenAt":"2026-05-18T19:12:10.413Z","tsv":"'/keygraphhq/shannon':194 '/keygraphhq/shannon/head/readme.md':201 '/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon/)':210 '18':75 'across':180 'agent':205 'agentskillexchange.com':209 'agentskillexchange.com/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon/)':208 'analysi':97,126,174 'analyz':14,50 'api':11,47,103 'app':9,17,45,53,79 'attack':182 'attempt':24,60 'autom':160 'autonom':2,38 'back':33,69 'base':133 'basic':144 'box':5,41 'build':168 'categori':183 'caveat':92 'close':152 'code':20,56,128 'command':109 'concurr':179 'cpg':132 'cpg-base':131 'credenti':85 'data':95,134 'demand':159 'doc':198 'docker':76 'document':202 'engin':127 'evalu':121 'everi':140,167 'exchang':207 'execut':21,57,110 'exploit':23,59,176 'extract':195 'find':34,70 'flow':96,135 'gap':154 'get':148 'getting-start':147 'github.com':193 'github.com/keygraphhq/shannon':192 'identifi':99 'input':102 'instal':89 'instruct':186,190 'keygraph.io':203 'llm':120,137 'local':81 'model/api':84 'node':118,141 'node.js':74 'note':150 'on-demand':157 'parallel':171 'path':113 'penetr':161 'pentest':6,42 'phase':177 'prerequisit':73,142,143 'process':172 'prompt':130 'proof':32,68 'proof-back':31,67 'provid':156 'queri':108 'raw.githubusercontent.com':200 'raw.githubusercontent.com/keygraphhq/shannon/head/readme.md':199 'real':22,58 'reason':138 'releas':36,72,170 'repositori':83 'request':104 'requir':90 'return':30,66 'review':129 'run':1,27,37,63,165,178 'sanit':125 'sast':98 'setup':184,187 'shannon':13,49,88,151 'sink':106 'skill':206 'skill-run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon' 'sourc':19,55,82,100,191,204 'source-agentskillexchange' 'specif':124 'sql':107 'start':149 'support':86 'target':28,64,77 'test':162 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'trace':112 'upstream':94,197 'url':80 'usag':145,185,189 'usage-instruct':188 'user':101 'vulner':173 'web':8,16,44,52,78 'whether':122 'white':4,40 'white-box':3,39","prices":[{"id":"a0f546aa-dbf8-423c-8d85-a3692255e747","listingId":"d460447d-5d3c-4f28-8800-a41c2c6a0104","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:18:57.209Z"}],"sources":[{"listingId":"d460447d-5d3c-4f28-8800-a41c2c6a0104","source":"github","sourceId":"agentskillexchange/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon","isPrimary":false,"firstSeenAt":"2026-05-18T13:18:57.209Z","lastSeenAt":"2026-05-18T19:12:10.413Z"}],"details":{"listingId":"d460447d-5d3c-4f28-8800-a41c2c6a0104","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"5ba8c32365c38642234e00ff24838f5eb5748920","skill_md_path":"skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Run autonomous white-box pentests against web apps and APIs with Shannon","description":"Analyze a web app's source code, execute real exploit attempts against the running target, and return proof-backed findings before release."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/run-autonomous-white-box-pentests-against-web-apps-and-apis-with-shannon"},"updatedAt":"2026-05-18T19:12:10.413Z"}}