MCP App StoreMCP App Store
from awesome-skills-cn101
Procedural guidance and tool-focused workflows for acquiring, analyzing, and extracting artifacts from RAM dumps for incident response and malware analysis.
This skill collects practical procedures, tool commands, and best-practice checklists for memory acquisition and analysis across Windows, Linux, macOS, and virtual machines. It covers live acquisition tools, Volatility3 usage and plugins, detection patterns (injection, rootkits), YARA integration, string extraction, and recommended workflows for malware analysis and incident response.
Use when performing volatile memory capture, triage, or detailed forensic analysis during incident response or malware investigations. Applicable for analysts needing command examples for WinPmem/LiME/osxpmem, Volatility plugin usage, YARA scanning, and extraction/dumping workflows. Not intended for unrelated tasks or as a substitute for environment-specific legal/chain-of-custody procedures.
Best used by security-focused code/documentation assistants and incident-response tooling agents that can produce or validate forensic commands (e.g., Copilot, Claude Code).
Memory forensics reference skill covering acquisition, Volatility 3 usage, YARA rules, and detection patterns. No scripts bundled — pure reference/SKILL.md content. Well-structured command examples for Windows/Linux/macOS but lacks actionable automation. Primarily a knowledge base rather than an executable skill.
Comprehensive forensic reference content. Security is clean — no exfiltration, no pipe-to-shell, no hardcoded creds. Deductions: suggests `sudo dd if=/dev/mem` and `sudo insmod` which are standard forensics but dangerous if misused; `hashdump`/`lsadump` credential extraction commands are dual-use. Code quality: good command examples and workflows, but no scripts, no error handling, and the referenced playbook file is missing. Architecture: frontmatter minimal (no metadata.requires), no scripts/ or references/ dirs, monolithic SKILL.md with all content dumped inline. Usefulness: niche audience (incident responders/malware analysts), requires specialized tooling and expertise to use effectively.
Bash Pro
Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf
Ip2location IO Automation
Automates Ip2location IO workflows through Rube MCP: discover tools, manage connections, and execute schema-compliant operations.
Makepad Event/Action
Event and action handling patterns for Makepad widgets — guides handling Mouse/Touch/Keyboard events, Hit detection, action emission and parent capture.
Obsidian CLI (vault & plugin ops)
Command-line reference and usage patterns for the Obsidian CLI: read/create/append notes, search vaults, manage properties, and developer workflows for plugin r
Kickbox Automation (Rube MCP)
Automate Kickbox toolkit operations through Rube MCP (Composio): discover tools, manage connections, and execute schema-compliant Kickbox workflows safely.
TaskEither Quick Reference (fp-ts)
Concise cheat-sheet for fp-ts TaskEither: patterns for typed async error handling, composing Promises, and recoverable pipelines.
Memory Forensics
Guidance and practical commands for acquiring, analyzing, and extracting artifacts from volatile memory dumps for incident response and malware analysis.
Makepad Basics
Provides starter patterns, examples, and guidance for building Rust Makepad apps, including live_design/app_main patterns and common platform setup.
API Security Testing
A structured workflow for testing REST and GraphQL APIs covering discovery, authentication, authorization, input validation, rate limiting, and error handling.
Reverse Engineer
Guides and checklists for binary reverse-engineering workflows (IDA, Ghidra, radare2, angr) including static/dynamic analysis phases and best practices.
Caveman Compress
Compress natural-language memory files into a compact 'caveman' format to save LLM tokens while preserving code, links, and structure.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
Go Data Structures
Authoritative guidance on choosing and using Go built-in and standard-library data structures, with practical best practices for slices, maps, arrays, container
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Memory Search
Search past coding sessions and observations using natural-language queries to retrieve decisions, notes, and context.
Dune Analytics (MoonPay Integration)
Run Dune SQL and saved queries via the Dune REST API for on-chain analytics; pairs with MoonPay CLI to create/fund wallets for analysis.
IGF (Grapefruit) CLI
CLI skill to control the IGF (Grapefruit) dynamic instrumentation server for mobile security testing: enumerate Frida devices, inspect apps, run hooks, access f