---
title: "Triage active security incidents with AI-augmented workflows in Valhuntir CLI"
description: "Guide live digital-forensics and incident-response work with human approval gates when the job is evidence review and triage, not general MCP setup."
verification: "listed"
source: "https://github.com/AppliedIR/Valhuntir"
author: "AppliedIR"
publisher_type: "GitHub repository"
category:
  - "Runbooks & Diagnostics"
framework:
  - "Multi-Framework"
tool_ecosystem:
  github_repo: "AppliedIR/Valhuntir"
  github_stars: 40
---

# Triage active security incidents with AI-augmented workflows in Valhuntir CLI

Guide live digital-forensics and incident-response work with human approval gates when the job is evidence review and triage, not general MCP setup.

## Prerequisites

Valhuntir CLI and gateway components, forensic artifacts, and an MCP-compatible local client under human analyst control

## Installation

Choose whichever fits your setup:

1. Copy this skill folder into your local skills directory.
2. Clone the repo and symlink or copy the skill into your agent workspace.
3. Add the repo as a git submodule if you manage shared skills centrally.
4. Install it through your internal provisioning or packaging workflow.
5. Download the folder directly from GitHub and place it in your skills collection.

Install command or upstream instructions:

```
Follow the upstream Valhuntir setup to install the CLI and supporting components, connect a supported local MCP-compatible client, and run investigations with the documented approval and evidence-review controls.
```

## Documentation

- https://github.com/AppliedIR/Valhuntir#readme

## Source

- [Agent Skill Exchange](https://agentskillexchange.com/skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli/)