Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From talon
Fetches actionable intelligence for a target domain — CVEs, disclosed reports, and new features — by running learn.py and cross-referencing hunt memory. Outputs prioritized alerts with hunt recommendations.
How this command is triggered — by the user, by Claude, or both
Slash command
/talon:intelThe summary Claude sees in its command listing — used to decide when to auto-load this command
# /intel Fetch actionable intelligence for a target. ## What This Does 1. Runs `learn.py` for CVEs and advisories matching the target's tech stack 2. Fetches HackerOne Hacktivity for the target (via HackerOne MCP if available) 3. Cross-references with hunt memory — flags untested CVEs and new endpoints 4. Outputs prioritized intel with hunt recommendations ## Usage ## Output ## Data Sources | Source | What | Auth required? | |---|---|---| | `learn.py` — NVD | CVEs matching tech stack | No | | `learn.py` — GitHub Advisory | Security advisories | No | | `learn.py` — HackerOne Hackt...
Fetch actionable intelligence for a target.
learn.py for CVEs and advisories matching the target's tech stack/intel target.com
INTEL: target.com
═══════════════════════════════════════
ALERTS:
[CRITICAL] CVE-2026-XXXX — Next.js middleware bypass (CVSS 9.1)
target.com runs Next.js 14.2.3 (vulnerable). Patch: 14.2.4.
→ You haven't tested this endpoint yet. Hunt candidate.
[HIGH] New feature detected: /api/v3/billing/invoices
Not in your tested_endpoints list. 3 new paths.
→ New = unreviewed. Priority hunt target.
[INFO] 2 new disclosed reports on HackerOne for target.com
→ Read for methodology insights before hunting.
MEMORY CONTEXT:
Last hunted: 2026-03-24 (2 days ago)
Tech stack: Next.js 14.2.3, GraphQL, PostgreSQL
Untested CVEs: 1 critical, 0 high
| Source | What | Auth required? |
|---|---|---|
learn.py — NVD | CVEs matching tech stack | No |
learn.py — GitHub Advisory | Security advisories | No |
learn.py — HackerOne Hacktivity | Disclosed reports | No |
| HackerOne MCP (if connected) | Program stats, policy | No (public) |
| Hunt memory | Previously tested endpoints | Local files |
npx claudepluginhub skobyn/talon --plugin talon2plugins reuse this command
First indexed Jun 11, 2026
/intelFetches actionable intelligence for a target domain — CVEs, disclosed reports, and new features — by running learn.py and cross-referencing hunt memory. Outputs prioritized alerts with hunt recommendations.
/huntRuns full CVE hunting pipeline on an npm package: registry check, repo clone, code review, PoC development, validation gates, and report generation.
/scanRuns a multi-surface security scanner (SCA, secrets, authz, MCP, pipeline, logic, diff) with focused modes and supplementary output blocks. Exit codes convey severity.
/q-sec-stackRuns a security-stack intelligence investigation on a company, collecting evidence on tooling, team structure, and threats into a centralized CASE.md file.
/agents-forLists pentest-ai agents matching a domain or tag (web, ad, cloud, mobile, recon, etc.) with relevance and tier info.