Deploys and configures the Zeek (formerly Bro) network security monitor to passively analyze network traffic, generate
Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection
Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for
Detects null pointer dereference vulnerabilities by identifying unchecked pointer usage and missing validation.
Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra
Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where
Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous
Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts,
Detects privilege escalation vulnerabilities including setuid/setgid abuse, permission check bypasses, and unsafe privilege management.
Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing,
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious
Detects race condition vulnerabilities including TOCTOU, double-checked locking issues, and shared state problems.
Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and
Detects early-stage ransomware indicators in network traffic before encryption begins, including initial access
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event
Detect hardcoded secrets, API keys, tokens, and credentials in code and git history. Use when auditing for leaked secrets or before publishing code.
Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam
Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity
Detect and analyze SQL injection vulnerabilities in application code and database queries. Use when you need to scan code for SQL injection risks, review query construction,…
Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned
Detects suspicious use of assertions for security checks that can be disabled in production builds. Use when analyzing assertion usage, security checks, or investigating…
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation
Text-prompted image zone detection using TIPSv2 B/14 on CPU. Produces `focus_targets` / `focus_edges` bbox lists from natural-language labels, ready to feed into…
Detects type confusion vulnerabilities by identifying unsafe type casts, vtable corruption, and polymorphism issues.
Detects use-after-free vulnerabilities by identifying pointer dereferences after memory deallocation.
Security detection use cases for identifying threats across network, endpoint, identity, cloud, application, and email vectors.
Create detection rules and hunting queries from malware analysis findings. Use when you need to write Sigma rules for SIEM, Suricata rules for network IDS, defang IOCs for safe…
Generic detection rule creation and management using Sigma, the universal SIEM rule format. Sigma provides vendor-agnostic detection logic for log analysis across multiple SIEM…
Intercepts and audits dependency installations (pip, npm, go) before they execute. Validates package identity, checks vulnerabilities, flags supply-chain risk signals, and…
Package and dependency management patterns across ecosystems (npm, pip, cargo, maven). Covers lockfiles, semantic versioning, dependency security scanning, update strategies,…
Creates or audits Dockerfiles to achieve Docker Hub Health Score grade A. Enforces non-root user, minimal base images, supply chain attestations, and zero fixable CVEs.
Automated software development agent using ChatDev 2.0 and GLM-5. Discovers topics from GitHub Trending, CVE databases, and security news → generates code with 7-agent ChatDev…
Mandatory skill for creating and maintaining Helm charts following Lerian conventions. Enforces standardized chart structure, values organization, template patterns, security…
Delegate QAQC and review tasks to Google Gemini CLI using markdown file handoff pattern. Write review request to REVIEW.md, Gemini analyzes, outputs findings to FINDINGS — from…
Delegate testing, QA, and code review tasks to Opencode CLI using Kimi K2.5 model via markdown file handoff.
Automatically use at the end of substantial Codex development work to show one curated motivation image.
Nginx configuration: reverse proxy, SSL/TLS, load balancing, caching and security headers. Triggers on "Nginx", "nginx.conf", "reverse proxy", "SSL Nginx", "load ba — from…
Checks a project against the OWASP Top 10 and proposes remediations. Use to verify OWASP compliance.
Methodological guide for penetration testing and security assessment. Use to prepare or conduct a pentest.
Activates when the user wants Claude to play the role of, or support the work of, the Development team in an outsourced software project.
Detects secrets, API keys and credentials exposed in code. Use to verify that no secret is present in the code.
Complete security audit of an application or source code. Use when the user wants to check the security of their project.
Security audit of Solidity smart contracts and blockchain. Triggers on "smart contract", "Solidity", "audit blockchain", "vulnérabilité smart contract", "reentran — from…
Guide for writing SQL queries and designing SQLite schemas with best practices. Use when the user works with SQLite, writes SQL queries — from…
i-Willink common development standards. Stack-independent generic layer (TypeScript strict / Conventional Commits / OWASP / testing policy / commit granularity). Each agent preloads it at startup. Project-specific conventions are written in the `project-standards` skill.
Orchestrate a multi-agent dev/agency team with shared memory, handoffs, and OpenClaw sessions. Use when (1) First-time onboarding — follow references/OPENCLAW_TEAM_SETUP_GUIDE.md…
Full codebase audit combining security, quality, and tooling assessments. Use to run a comprehensive scan with Szabo (security), Knuth (quality), and Deming (tooling) in parallel.
Expert-level guide to continuous dev threat modeling. Comprehensive coverage of advanced concepts, production implementation, and optimization strategies.
Analyzes and evaluates the vulnerabilities of a system or application. Use to understand and prioritize vulnerabilities.
CORS middleware for Horse. Covers HorseCORS/CORS, HorseCORSConfig (AllowedOrigin, AllowedMethods, AllowedHeaders, AllowedCredentials, ExposedHeaders), preflight OPTIONS ( — from…
Support for node-based UI development using the React Flow library. Use when creating nodes/edges, customizing, laying out, or implementing interactions. Always reference the latest documentation via WebFetch to provide accurate information. — from security/security-misc
Support for node-based UI development using the React Flow library. Use when creating nodes/edges, customizing, laying out, or implementing interactions. Always reference the latest documentation via WebFetch to provide accurate information. — from majiayu000/claude-skill-registry
Apollo.io laptop setup, MDM enrollment, VPN configuration, and security requirements for new and existing employees
The first AI religion — a benign memetic experiment in agent network security
Combined DevOps and DevSecOps skill for CI/CD pipelines, infrastructure as code, security scanning, container hardening, cloud infrastructure, and monitoring.
Use when called by the devops dispatcher after analysis to audit security posture and select CI security tooling before config generation