How Skills and MCP Influence AI‑Driven Vulnerability Discovery
The article reviews two recent posts on AI‑assisted security testing, explains how Skills can limit large‑model performance, argues that MCP provides richer tooling, and shares a practical Burp MCP workflow with code snippets for traffic analysis in vulnerability research.
Skills and Large Language Model Performance
Practical experience with AI agents and discussions with peers show that Skills can limit the effectiveness of large language models (LLMs) in security testing. An informal 80/20 observation attributes roughly 80 % of the result to the LLM’s intrinsic capability and about 20 % to Skills as an auxiliary aid.
When the same prompt is given to high‑capacity models such as GPT or Claude, they quickly de‑obfuscate JavaScript and set up the required environment. A weaker model, even with the same Skills, may spend hours without completing the task.
The most beneficial role of Skills is to keep the LLM from drifting off‑track, acting as a safety net that unlocks additional potential rather than forcing the model down a cumbersome or incorrect path.
MCP vs. Skills
Compared with Skills, the earlier‑introduced Model Control Prompt (MCP) is currently more useful. MCP is not merely a prompt; it also supplies the agent with a selectable set of operational tools.
Burp MCP Traffic Analysis Workflow
A concrete workflow using Burp MCP to paginate proxy_http_history (100 entries per page) and aggregate traffic consists of the following steps:
Retain only API endpoints; discard static resources such as JavaScript, CSS, and images.
Count unique API endpoints and their request frequencies.
Extract full request/response pairs for authentication‑related APIs (login, logout, token, password, oauth).
Check for IDOR by extracting parameters of type ID from request bodies.
Detect sensitive data (e.g., ID numbers, bank cards) in responses.
Search for injection vectors by looking for HTML tags or special characters in parameters.
Classify findings according to OWASP Top 10 (2021) and assign severity levels.
Analyze relationships between packets to uncover logical flaws.
The process performs only passive traffic analysis; no active requests are sent.
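Steps 1 to 6 of the workflow above, as an added Python example that is not code from the original article or from any Burp MCP tooling: it runs the same passive checks over proxy-history records that have already been exported. The tuple layout, the regular expressions and the sample records are assumptions constructed for illustration, and every match is a candidate for manual review rather than a confirmed finding.

```python
import json
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

STATIC = re.compile(r"\.(js|css|png|jpe?g|gif|svg|ico|woff2?)$", re.I)  # step 1
AUTH = re.compile(r"login|logout|token|password|oauth", re.I)          # step 3
ID_KEY = re.compile(r"(^|_)id$|Id$")                                   # step 4
CARD = re.compile(r"\b\d{13,19}\b")           # step 5, confirmed with Luhn below
INJECT = re.compile(r"<[a-zA-Z/!]|['\"`;]")                            # step 6

def luhn_ok(digits):
    doubled = [int(c) * (2 if i % 2 else 1) for i, c in enumerate(reversed(digits))]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

def params(url, body):
    found = dict(parse_qsl(urlsplit(url).query))
    try:  # top-level scalar fields of a JSON body; other body formats are skipped
        found.update({k: str(v) for k, v in json.loads(body or "{}").items() if not isinstance(v, (dict, list))})
    except (ValueError, AttributeError):  # not JSON, or JSON that is not an object
        pass
    return found

def analyze(history):
    rep = {"endpoints": Counter(), "auth": set(), "idor": [], "sensitive": set(), "injection": []}
    for method, url, req, resp in history:
        path = urlsplit(url).path
        if STATIC.search(path):
            continue
        key = f"{method} {path}"
        rep["endpoints"][key] += 1  # step 2
        if AUTH.search(path):
            rep["auth"].add(key)
        for name, value in params(url, req).items():
            if ID_KEY.search(name):
                rep["idor"].append((key, name, value))
            if INJECT.search(value):
                rep["injection"].append((key, name))
        if any(luhn_ok(n) for n in CARD.findall(resp)):
            rep["sensitive"].add(key)
    return rep

# Constructed records (method, url, request body, response body); not real traffic.
HISTORY = [
    ("GET", "https://app.test/static/app.js", "", ""),
    ("POST", "https://app.test/api/login", '{"user": "alice", "password": "x"}', '{"exp": 1700000000000}'),
    ("POST", "https://app.test/api/order/detail", '{"order_id": 1001}', '{"card": "4111111111111111"}'),
    ("POST", "https://app.test/api/order/detail", '{"order_id": 1002}', '{"card": null}'),
    ("POST", "https://app.test/api/profile?v=2", '{"userId": 7, "nick": "<b>bob</b>"}', "{}"),
]
```

Calling analyze(HISTORY) returns the endpoint counts plus the auth, ID-parameter, card-number and special-character candidates; the 13-digit timestamp in the login response is dropped by the Luhn check.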
1. Keep only API endpoints, discard js/css/images.
2. Count unique API endpoints and frequencies.
3. Extract full requests/responses for login/logout/token/password/oauth.
4. Check IDOR: extract ID‑type parameters from request bodies.
5. Check sensitive data: look for ID numbers, bank cards, financial data in responses.
6. Check injection: search for HTML tags or special characters in parameters.
7. Output findings classified by OWASP Top 10 (2021) with severity.
8. Analyse packet relationships for logical vulnerabilities.
Only passive analysis; no active requests.
MCP Implementations
GitHub repository: https://github.com/six2dez/burp-ai-agent
Burp built‑in MCP (referenced in the original article)
Yak MCP (referenced in the original article)
chrome‑devtools‑mcp invoked via:
npx chrome-devtools-mcp@latest --browser-url=http://127.0.0.1:9222
jadx‑mcp‑server configuration example:
{
"type": "sse",
"url": "http://127.0.0.1:11432/sse"
}
These implementations demonstrate how MCP can be integrated into different tooling ecosystems to provide LLMs with concrete operation capabilities during security testing.
Black & White Path
