Automated evidence collection across compliance frameworks from cloud providers, identity systems, and security tools
Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug.
Build a compliance bundle — CycloneDX SBOM, SPDX license report, SARIF findings, OpenVEX/CycloneDX VEX, optional cosign signatures, manifest.json with SHA-256 sums, Markdown…
Cross-agent self-inspection of your AI-agent stack. Audits skills, MCP servers, hooks, plugins, commands, credentials, and memory files across Claude Code, Codex, OpenClaw, and…
Run the Vibe Innovation Framework mini-gate assessment to scope, justify, and execute a loop-back. Use when evidence in the current phase suggests an earlier phase's output is…
Security forensics for git repos, AI skills, and MCP servers. Audits dependencies, detects prompt injection, credential theft, runtime dynamism, manifest drift, known CVEs, CISA…
**WORKFLOW SKILL** — Risk awareness before action. USE FOR: assessing risks (security, data integrity, compatibility, operational, reversibility) of any task at variable depth.
MANDATORY verification system that prevents Claude Code instances from making false claims or fabricating evidence.
Govern Alibaba Cloud Container Registry (ACR) — Enterprise Edition vs Personal Edition selection, image vulnerability scanning, namespace IAM least privilege, image retention…
Use when user mentions ticker symbols, tokens, forex pairs, commodities, portfolio, trade, DCF, valuation, technical analysis, on-chain metrics, risk management, position sizing,…
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or
Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized
Business performance and context analysis for CX projects. Diagnoses a company's health across five domains — revenue, customer metrics, operational health, market position, and…
Assesses Non-Functional Requirements (security, performance, reliability, maintainability, observability) with evidence-based codebase analysis.
Conducts digital forensics investigations following a personal data breach, covering evidence preservation, chain of custody documentation, log analysis, scope determination, and…
Analyze web browser artifacts for forensic investigation. Use when investigating user browsing activity, downloaded files, cached content, or web-based attacks.
Use when determining the amount of alimony under Polish KRO — calculating justified needs of the entitled person vs. earning/property capacity of the obligor (art.
On-chain analysis and transaction forensics for blockchain security investigations. Provides capabilities for tracing fund flows, identifying suspicious patterns, MEV analysis,…
Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for
Docker, containerd/CRI-O, and Kubernetes forensic investigation covering container inventory (docker and crictl), privilege checks, image verification, layer analysis (dive),…
Use when the user faces a PR crisis or reputational threat and needs rapid severity assessment, stakeholder messaging, and a communication timeline.
Digital forensics and blockchain analysis for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, or cryptocurrency transactions.
Compliance and security auditing for Cursor IDE usage: SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation.
Analyze disk images and file systems for forensic investigation. Use when investigating data theft, insider threats, malware persistence, deleted file recovery, or any incident…
Analyze email messages and mailbox data for forensic investigation. Use when investigating phishing attacks, business email compromise, insider threats, or any scenario requiring…
EU NIS2 Directive (Directive (EU) 2022/2555) expert. Reference-depth knowledge of essential vs important entity classification, Article 20 governance, the Article 21 ten…
Dispatches `forge-expert` subagents in parallel — one per chosen domain — to produce focused analyses of a feature against the codebase before a plan is drafted.
Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using
Forensics Data Collector - Auto-activating skill for Security Advanced. Triggers on: forensics data collector. Part of the Security Advanced skill…
SQL-powered forensic investigation and system interrogation using osquery to query operating systems as relational databases.
Investigate GitHub security incidents using tamper-proof GitHub Archive data via BigQuery. Use when verifying repository activity claims, recovering deleted…
Generate, export, load, and verify forensic evidence from GitHub sources. Use when creating verifiable evidence objects from GitHub API, GH Archive, Wayback Machine, local git…
A multifaceted OSINT and forensics tool for GitHub repositories that detects fake stargazers, tampered commits, infected releases, leaked PGP keys, and suspicious contributor…
Govern Huawei Cloud SWR (Software Repository for Container) — image retention policy, vulnerability scanning via VSS (Vulnerability Scan Service) integration, namespace permission…
Implement and maintain compliance with SOC 2, HIPAA, PCI-DSS, and GDPR using unified control mapping, policy-as-code enforcement, and automated evidence collection.
Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation,
Audit IONOS Cloud security and compliance posture covering GDPR data residency and data sovereignty, ISO 27001 control alignment, encryption at rest and in transit, private LAN…
Endpoint visibility, digital forensics, and incident response using Velociraptor Query Language (VQL) for evidence collection and threat hunting at scale.
Analyze system, application, and security logs for forensic investigation. Use when investigating security incidents, insider threats, system compromises, or any scenario…
Investigate Salesforce login activity using LoginHistory, IdentityVerificationHistory, and Login Forensics (Event Monitoring add-on): reconstruct per-user login timelines,…
Run adversarial review. Use for PR/diff/code/security/UX/API/performance/design review, or when behavior, records, evidence, risks, or acceptance claims need pressure-testing…
Route security-sensitive work before implementation. Use when authentication, authorization, user input, secrets, sensitive data, uploads, webhooks, external integrations,…
Use when administering a Synapse / Matrix homeserver — list or snapshot all rooms, rate room health (public, unencrypted, orphaned), render a Graphviz map of the room/space tree,…
Comprehensive techniques for acquiring, analyzing, and extracting artifacts from memory dumps for incident response and malware analysis.
Prepare a project for release through Mission Control. Use when validation, docs, versioning, changelog, limitations, evidence, deployment readiness, and security concerns need…
EU NIS2 Directive (Directive (EU) 2022/2555) compliance advisor for essential and important entities — entity classification, Art. 21 risk management measures, Art.
Operational security management — traffic shaping, scan rate limiting, source IP management, tool signature avoidance, evidence handling, anti-detection patterns.
OSINT Investigator v2.1 — comprehensive open-source intelligence skill. Triggers on: OSINT, recon, digital footprint, dorking, social media investigation, username lookups, email…
Digital forensics — evidence acquisition, memory/disk imaging analysis, timeline reconstruction, IOC extraction advisory.
Operator OPSEC + evidence handling — operator identity hygiene, source IP design, burner infrastructure, evidence chain of custody, log retention advisory.
Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines
Configure Cedar policy enforcement and Ed25519 signed receipts for Claude Code tool calls. Use when setting up projects that need cryptographic audit trails, policy-gated tool…
Use for recurring backup-restore validation and disaster-recovery simulation, including restore runbooks, drill frequency, pass/fail gates, evidence capture, and remediation…
Draft a professional Hebrew letter for an Israeli traffic-ticket appeal — בקשה לביטול דו"ח (request to cancel the ticket) or בקשה להישפט (request for a court hearing). Respectful tone, factual claims only, evidence list, requested remedy.
Guide live digital-forensics and incident-response work with human approval gates when the job is evidence review and triage, not general MCP setup.
FINRA Broker-Dealer Cybersecurity Guidance expert. Stub-depth framework plugin that routes to the SCF crosswalk.
15-agent hierarchical mesh coordination for v3 implementation. Orchestrates parallel execution across security, core, and integration domains following 10 ADRs with 14-week…