gb_flea/skills
1
0
Fork 0
forked from farhoodlabs/skills
Code Pull Requests Activity

docs: elaborate Hightower skill and remove namespace hardcoding

Browse Source 
- Add architecture overview explaining what Hightower is: AI pentest platform
  forked from KeygraphHQ/shannon, with hightower-api (Hono), Shannon workers
  in K8s Jobs, Temporal orchestration, and workspace PVC for reports
- Remove hardcoded `hightower` namespace from intro prose and example URL
  (the API URL comes from HIGHTOWER_API_URL env var; namespace is irrelevant)
- Add hightower to README index and CLAUDE.md skill list

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Goose
2026-04-22 00:20:10 +00:00
parent d182f3817d
commit b489688201
3 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hightower/SKILL.md
+10 -4
View File
@@ -7,7 +7,15 @@ allowed-tools: Bash, Read
# Hightower: Penetration Testing API
Hightower is deployed in the `hightower` namespace on Kubernetes. It exposes a REST API for scan management and a Temporal cluster for workflow orchestration.
Hightower is an AI-powered penetration testing platform forked from [KeygraphHQ/shannon](https://github.com/KeygraphHQ/shannon). It runs multi-agent security assessments against a target URL and git repository, coordinating up to 13 specialized AI agents (recon, auth testing, injection, etc.) to produce a structured findings report.
**Architecture:**
- **`hightower-api`** — Hono REST API. Accepts scan requests, creates Kubernetes Jobs for each scan, queries Temporal for job progress, and serves reports from the workspace PVC.
- **Worker** — Shannon fork running inside K8s Jobs. Each scan gets its own Job; the worker executes the full AI agent pipeline against the target.
- **Temporal** — Workflow orchestration engine. Tracks scan state, retries, and completion.
- **Workspace PVC** — Persistent volume where completed scan reports are stored and served by the API.
Scans are triggered via REST API and run asynchronously. Typical scan duration is ~36 minutes for the full 13-agent pipeline.
## Configuration
@@ -15,7 +23,7 @@ All settings come from environment variables:
| Variable | Description |
|----------|-------------|
| `HIGHTOWER_API_URL` | Hightower REST API base URL (e.g., `http://hightower-api.hightower:3000`) |
| `HIGHTOWER_API_URL` | Hightower REST API base URL (e.g., `http://hightower-api:3000`) |
| `HIGHTOWER_API_TOKEN` | Bearer auth token for the Hightower API |
---
@@ -111,8 +119,6 @@ grep -A 10 "^### \[HIGH\]" report.md
2. **completed** — Job succeeded, report available at `{workspace}/report`
3. **failed** — Job failed (check pod logs)
Typical runtime: ~36 minutes for a full 13-agent pipeline.
---
## Notes