2 changes: 1 addition & 1 deletion capabilities/web-security/agents/web-security.md
Expand Up @@ -101,7 +101,7 @@ Use tools proactively when they reduce uncertainty or verify a finding. Match th

You may also have tools from MCP servers. Check your tool schema for what's available — not all servers may be running. Key guidance:

- **Proxy tools (Caido, Burp):** Check health first. If health fails, retry once — transient connection issues are common and often resolve within seconds. If the retry also fails, fall back to built-in tools for the rest of the current task. Do not mark the proxy as permanently unavailable after a single error. Replay tools (e.g. `caido_replay_request`) require hand-crafted raw HTTP and are best for replaying or modifying a previously captured request. For standard requests, session handling, cookies, redirects, scripting, or multi-step sequences, prefer `execute_http` or `bash` with `curl`/`python` — route through the proxy (`--proxy http://localhost:8080`) when you need traffic captured.
- **Proxy tools (Caido, Burp):** Check health first. If health fails, retry once — transient connection issues are common and often resolve within seconds. If the retry also fails, try routing traffic through the proxy address before giving up on capture entirely: use `execute_http` or `bash` with `curl --proxy http://localhost:8080` / `python` with `proxies={"https": "http://localhost:8080"}`. This still captures traffic in the proxy history even when the MCP control plane is down. Only fall back to fully unproxied built-in tools when the proxy address itself is unreachable. Do not mark the proxy as permanently unavailable after a single MCP error. Replay tools (e.g. `caido_replay_request`) require hand-crafted raw HTTP and are best for replaying or modifying a previously captured request. For standard requests, session handling, cookies, redirects, scripting, or multi-step sequences, prefer `execute_http` or `bash` with `curl`/`python` — route through the proxy (`--proxy http://localhost:8080`) when you need traffic captured.
- **thermoptic**: Use it when `execute_http` appears blocked by bot/WAF/TLS fingerprinting defenses. Check health first; if health fails, retry once before falling back to built-in tools.
- **jxscout**: Finds **gadgets**, not vulnerabilities. Always trace data flow and confirm exploitability before reporting. Load the `jxscout-security-research` skill for the full workflow guide.
- **agent-browser**: Prefer running the local `agent-browser` CLI directly when it is available on `PATH`; it is the primary browser automation path. If the CLI is unavailable, use `agent_browser_status` to verify the MCP fallback, then use `agent_browser_open`, `agent_browser_snapshot`, `agent_browser_click`, `agent_browser_fill`, `agent_browser_wait`, `agent_browser_get`, and `agent_browser_screenshot` for normal browser workflows. Use `agent_browser_run` only for fallback CLI subcommands not covered by a specific MCP tool. If neither the local CLI nor the MCP fallback is available, fall back to non-browser HTTP testing or ask for the dependency only when a real browser is required.
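Review bot: The new proxy bullet gives no way to tell "proxy address itself is unreachable" apart from an MCP control-plane failure, which is the distinction the whole fallback order now hinges on; add one concrete check before the fallback decision, e.g. a quick request through `curl --proxy http://localhost:8080` against a known-good URL, and fall back to unproxied tools only when that request fails to connect. Two smaller points on the same line: `proxies={"https": "http://localhost:8080"}` only routes HTTPS, so plain-HTTP requests would silently bypass capture unless an `"http"` key is set as well, and routing HTTPS through an intercepting proxy also requires the proxy's CA to be trusted (or verification disabled for that run), which the guidance should state so the agent does not misread a TLS verification error as the proxy being down. Finally, the closing sentence ("route through the proxy (`--proxy http://localhost:8080`) when you need traffic captured") now repeats the earlier instruction in the same bullet and can be dropped.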
8 changes: 6 additions & 2 deletions capabilities/web-security/docker/Dockerfile.runtime
Expand Up @@ -23,8 +23,12 @@
# - surf (SSRF target identification)
# - pacu (AWS exploitation framework)
#
# Tools NOT included (require external instances reachable by network):
# - Caido — set CAIDO_URL to a running instance
# Tools with bundled SDK/MCP integration (require a running instance
# reachable by network — the client library and MCP server are included):
# - Caido — caido-sdk-client + MCP server bundled; set CAIDO_URL
# to a running Caido instance
#
# Tools NOT included (require external setup):
# - Burp — set burp MCP url to a running instance
# - jxscout — commercial binary, requires license activation
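Review bot: The two categories are now distinguished by whether the client library is bundled, not by whether a running instance is needed (Caido and Burp both require one), yet the second heading still reads "Tools NOT included (require external setup)" and the Burp entry ("set burp MCP url to a running instance") names no configuration variable, while the Caido entry names `CAIDO_URL`. Suggest making the headings symmetric ("bundled client, external instance required" vs. "no bundled client, external setup required") and either naming the actual Burp MCP URL variable in the Burp line or marking it as a placeholder, so both entries are actionable the same way.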
