Helio is the first enigma pack: a bug-bounty and offensive-security harness, created in collaboration with the Dymo Intelligence Team. Like every pack it runs in a dedicated, isolated agent context - its skills and commands never load into the agent you use for everyday coding.
Use Helio only against targets you are explicitly authorised to test. It is built for professional bug bounty, VAPT and red-team engagements with a valid scope and rules of engagement.
What’s in the pack
- 13 skills across recon, vulnerability classes, web3 audit, Active Directory, cloud, OPSEC and reporting.
- ~20 slash commands - the hunting loop (
/recon,/hunt,/validate,/report), autonomous (/autopilot), and specialised passes (/web3-audit,/ad-attack,/token-scan). - Specialised sub-agents - recon ranking, chain building, validation, report writing and more.
- MCP servers - HackerOne and a Burp client, registered on demand.
Where to go next
- Getting started - install Helio, launch it, and pick which account seeds it.
- Workflow - the scope-first hunting loop and the rules that keep it honest.
- Commands - the full reference for every slash command, grouped by domain.
- MCP and tooling - the HackerOne and Burp servers and how to enable them.