Security
Security scanning and vulnerability detection
analyzing-malware-persistence-with-autoruns
by mukul975
Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry
analyzing-docker-container-forensics
by mukul975
Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to
analyzing-browser-forensics-with-hindsight
by mukul975
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached
analyzing-dns-logs-for-exfiltration
by mukul975
'Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert
analyzing-macro-malware-in-office-documents
by mukul975
'Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download
analyzing-linux-system-artifacts
by mukul975
Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover
analyzing-certificate-transparency-for-phishing
by mukul975
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,
analyzing-packed-malware-with-upx-unpacker
by mukul975
'Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for
analyzing-campaign-attribution-evidence
by mukul975
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or
security-threat-model
by openai
"Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work."
security-ownership-map
by openai
"Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Trigger only when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do not trigger for general maintainer lists or non-security ownership questions."
code-reviewer
by alirezarezvani
Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations and code smells, generates review reports. Use when reviewing pull requests, analyzing code quality, identifying issues, generating review checklists.
active-directory-attacks
by sickn33
"Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesting, Kerberos attacks, lateral movement, privilege escalation, and domain dominance for red team operations and penetration testing."
azure-ai-contentsafety-py
by microsoft
Azure AI Content Safety SDK for Python. Use for detecting harmful content in text and images with multi-severity classification. Triggers: "azure-ai-contentsafety", "ContentSafetyClient", "content moderation", "harmful content", "text analysis", "image analysis".
azure-ai-contentsafety-ts
by microsoft
Analyze text and images for harmful content using Azure AI Content Safety (@azure-rest/ai-content-safety). Use when moderating user-generated content, detecting hate speech, violence, sexual content, or self-harm, or managing custom blocklists.
cloud-architect
by Jeffallan
Designs cloud architectures, creates migration plans, generates cost optimization recommendations, and produces disaster recovery strategies across AWS, Azure, and GCP. Use when designing cloud architectures, planning migrations, or optimizing multi-cloud deployments. Invoke for Well-Architected Framework, cost optimization, disaster recovery, landing zones, security architecture, serverless design.
php-pro
by Jeffallan
Use when building PHP applications with modern PHP 8.3+ features, Laravel, or Symfony frameworks. Invokes strict typing, PHPStan level 9, async patterns with Swoole, and PSR standards. Creates controllers, configures middleware, generates migrations, writes PHPUnit/Pest tests, defines typed DTOs and value objects, sets up dependency injection, and scaffolds REST/GraphQL APIs. Use when working with Eloquent, Doctrine, Composer, Psalm, ReactPHP, or any PHP API development.
kubernetes-specialist
by Jeffallan
Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service accounts, define network isolation rules, debug pod crashes, analyze resource limits, inspect container logs, or right-size workloads. Use for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization, GitOps pipelines, and multi-cluster management.
tirith
by sheeki03
Terminal security analysis for shell environments. This skill should be used when checking commands for supply-chain attacks before execution, scanning repositories for hidden content or config poisoning, scoring URLs for homograph attacks, setting up AI tool protection for Claude Code / Cursor / Codex / Windsurf, downloading and executing scripts safely, investigating why tirith blocked a command, managing trusted patterns, running security audits, configuring MCP gateway proxies, or working with threat intelligence databases. Also use when the user mentions "tirith", "pipe-to-shell", "homograph", "ANSI injection", "zero-width", "punycode", "terminal security", "shell hook", "cloaking detection", "supply chain attack", "bidi override", "invisible unicode", or "config poisoning". Even if the user does not explicitly name tirith, use this skill when they ask about protecting shell environments, intercepting dangerous commands, or hardening AI agent tool execution.
security-best-practices
by openai
"Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks."
agentmail
by sickn33
Email infrastructure for AI agents. Create accounts, send/receive emails, manage webhooks, and check karma balance via the AgentMail API.
x-cmd
by x-cmd
Shell Superpowers for AI Agents.
x-arp
by x-cmd
Display ARP cache table with MAC vendor lookup and suspicious entry detection. Supports CSV, TSV, and TUI output. Dependency: This is an x-cmd module. Install x-cmd first (see x-cmd skill for installation options). see x-cmd skill for installation.
azure-ai-contentsafety-java
by microsoft
Build content moderation applications with Azure AI Content Safety SDK for Java. Use when implementing text/image analysis, blocklist management, or harm detection for hate, violence, sexual content, and self-harm.