A few things you need to do to make Claude a great hacking partner:
1. Install the Caido skill (https://t.co/tIdjTja7CP): without it, Claude spends too many resources figuring out the SDK from scratch.
2. A CLAUDE.md that tells Claude who you are. Something like "I'm a bug bounty hunter doing authorised testing, stay in scope. Don't take destructive actions unless it's accounts I own. POC or GTFO." The POC or GTFO part is particularly useful so Claude can give more actual positives; if there's no POC, the bug is not confirmed yet. (Of course, have a scope.md in your engagement folder.)
3. Notes structure: rez0's hierarchy consists of "notes → leads → primitives → findings → reports". Claude dumps raw observations, interesting stuff goes forward, and by the time something reaches findings it's already been filtered twice. Point this to a local folder so you can check everything later.
Building skills is useful, but if you write one for something Claude already handles well, you're just adding a layer that can break/distract it. You can always tell it to try what it knows first and then try the things you added as "extra knowledge".
Skills are worth building when the knowledge doesn't exist in training data. Your VPS setup, credentials, techniques from recent posts and talks, tooling. If it's not on the internet or isn't well known, it needs to be in a skill.
I'm sure some people already have their own way of doing things, but I figured I'd share a Claude Code / general vibe-coding tip for people that I've found super useful.
I don't think it's a secret that you should be getting an LLM to write your main instruction file (CLAUDE.md or equivalent).
However, I've had really good results by telling the LLM to create this plan document, giving it a brief description of the thing I want to build, and including the following:
> Reminder: I want a plan as the output here, not the code.
> IMPORTANT: I want you to ask me questions now about any details, edge cases, features, etc. so that I can better instruct you. Keep asking me questions and DO NOT start writing the plan until I have explicitly told you I think you have enough information.
(> included here for clarity). The reminder I've found useful because sometimes the LLM will go off and try to be too helpful, actually starting to write the code for you.
The final line is key though. A good LLM will keep asking better and better questions, often giving you options to choose from. Iteratively refining the prompt until you have more information than you would have given it on your own.
@_JohnHammond How about an AWS + kubernetes challenge? Could involve escalating privileges to allow one to create a malicious pod that allows for a container breakout into a node.
🐲 Ghidra Tips 🐲 For Beginner/Intermediate analysts interested in RE.
These tips are aimed at making Ghidra more approachable and usable for beginners and intermediate analysts 😄
[1/9] 🧵
#Malware #RE #Ghidra