
from xalgorix627
Create, deploy, and monitor Thinkst Canary Tokens (web, DNS, document, AWS key) to detect lateral movement and credential misuse.
This skill automates creating and managing Thinkst Canary Tokens to act as tripwires across environments. It covers authenticating to the Canary API, creating web/DNS/document/AWS key tokens, deploying them to target locations, querying trigger history, and producing a deception coverage report for security operations teams.
Use when you want lightweight, low-cost early-warning sensors for attacker activity: seeding decoy credentials in file shares, embedding web-bugs in documents, placing DNS tokens where internal resolution occurs, or issuing decoy AWS keys to detect misuse. It is appropriate during pentests and red-team campaigns, or for adding detection coverage to production environments where alerts from the Canary console (webhook, email) are routed to someone who will act on them. Record where each token was seeded in its memo field; without that, a trigger tells you that a tripwire fired but not which share, host or document the attacker touched.
Best suited for agents with network and scripting capability (Claude Code, Codex/Copilot-style code assistants, or any automation harness that can call REST APIs and run Python).
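The workflow the skill describes (authenticate, create tokens, query trigger history, report coverage) as an added example in Python. This is not the skill's or Thinkst's own code. Assumed, and to be checked against your console's API documentation: the base URL https://<console>.canary.tools/api/v1/, the endpoints canarytoken/create, canarytoken/list and canarytoken/history, an auth_token form parameter, and JSON replies carrying "result": "success". The token kind names, the FakeConsole stand-in, the memo convention and the sample incident are all constructed for the demo.

```python
"""Canary Token tripwires: create tokens, pull trigger history, report coverage.

Added example, not the skill's or Thinkst's own code. Assumed and to be checked
against your console's API documentation: base URL https://<console>.canary.tools/api/v1/,
endpoints canarytoken/create, canarytoken/list and canarytoken/history, an
auth_token form parameter, and JSON replies carrying "result": "success".
"""
import json
import urllib.parse
import urllib.request
from collections import defaultdict

# The skill's four token types mapped to console "kind" values (assumed names).
KINDS = {"web": "http", "dns": "dns", "document": "doc-msword", "aws": "aws-id"}


class CanaryClient:
    """Thin console client. `transport(path, params) -> dict` is injectable so
    the same code runs against the real console or an offline stand-in."""

    def __init__(self, console, auth_token, transport=None):
        self.base = f"https://{console}.canary.tools/api/v1/"
        self.auth_token = auth_token
        self.transport = transport or self._post

    def _post(self, path, params):
        body = urllib.parse.urlencode(params).encode()
        req = urllib.request.Request(self.base + path, data=body)
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.loads(resp.read().decode())

    def call(self, path, **params):
        params["auth_token"] = self.auth_token  # console-wide secret: never log params
        reply = self.transport(path, params)
        if reply.get("result") != "success":
            raise RuntimeError(f"{path}: {reply.get('message', reply)}")
        return reply

    def create(self, kind, location, purpose):
        # The memo is the only record of where a token was seeded, so fix a
        # convention ("<location> | <purpose>") that the report can parse back.
        memo = f"{location} | {purpose}"
        return self.call("canarytoken/create", kind=KINDS[kind], memo=memo)["canarytoken"]

    def tokens(self):
        return self.call("canarytoken/list")["tokens"]

    def incidents(self, canarytoken):
        return self.call("canarytoken/history", canarytoken=canarytoken).get("incidents", [])


def coverage_report(tokens, incidents_by_token, planned_locations):
    """Deployed kinds per location, triggered tokens, and planned spots still empty."""
    deployed = defaultdict(set)
    triggered = []
    for tok in tokens:
        location = tok["memo"].partition("|")[0].strip()
        deployed[location].add(tok["kind"])
        hits = incidents_by_token.get(tok["canarytoken"], [])
        if hits:
            triggered.append({"canarytoken": tok["canarytoken"], "kind": tok["kind"],
                              "memo": tok["memo"], "hits": len(hits),
                              "last_source_ip": hits[-1].get("src_ip")})
    return {
        "deployed": {loc: sorted(kinds) for loc, kinds in deployed.items()},
        "triggered": triggered,
        "missing": sorted(set(planned_locations) - set(deployed)),
    }


class FakeConsole:
    """Constructed in-memory stand-in for the console API so the demo runs offline."""

    def __init__(self, auth_token="api-key-placeholder"):
        self.auth_token, self.tokens, self.incidents, self.n = auth_token, {}, defaultdict(list), 0

    def __call__(self, path, params):
        if params.get("auth_token") != self.auth_token:
            return {"result": "error", "message": "Invalid auth_token"}
        if path == "canarytoken/create":
            self.n += 1
            tok = {"canarytoken": f"tok{self.n:04d}", "kind": params["kind"], "memo": params["memo"]}
            self.tokens[tok["canarytoken"]] = tok
            return {"result": "success", "canarytoken": tok}
        if path == "canarytoken/list":
            return {"result": "success", "tokens": list(self.tokens.values())}
        if path == "canarytoken/history":
            return {"result": "success", "incidents": self.incidents[params["canarytoken"]]}
        return {"result": "error", "message": f"unknown endpoint {path}"}


def demo():
    """Seed three tokens, replay one constructed trigger, build the report."""
    console = FakeConsole()
    client = CanaryClient("example", "api-key-placeholder", transport=console)
    plan = ["fileserver01:/share/finance", "wiki-confluence", "jumphost02:~/.aws/credentials"]
    aws_token = client.create("aws", plan[0], "decoy keys in backup-notes.txt")
    client.create("document", plan[0], "Q3-payroll.docx web-bug")
    client.create("web", plan[1], "link on admin-runbook page")
    # Constructed incident: the decoy AWS key was used from 203.0.113.7 (TEST-NET-3).
    console.incidents[aws_token["canarytoken"]].append(
        {"timestamp": "2024-05-01T10:22:13Z", "src_ip": "203.0.113.7",
         "description": "AWS API Key Canarytoken triggered"})
    tokens = client.tokens()
    history = {t["canarytoken"]: client.incidents(t["canarytoken"]) for t in tokens}
    return coverage_report(tokens, history, plan)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To run against a real console, drop the `transport` argument and pass your console subdomain and API key; the report's "missing" list is the operator's to-do list of planned seeding spots that have no token yet, and "triggered" is what goes to the SOC with the memo telling them which host or share was touched.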
This skill has not been reviewed by our automated audit pipeline yet.
Building Threat Hunt Hypothesis Framework
Framework and workflow to turn threat intelligence and telemetry into testable, falsifiable threat-hunting hypotheses for proactive detection.
Ransomware-Resilient Backup Strategy
Designs and documents a ransomware-resilient backup architecture (3-2-1-1-0), immutability, credential isolation and automated restore testing aligned to RPO/RT
Performing SSL/TLS Security Assessment
Use sslyze to assess SSL/TLS server configurations: supported protocols, cipher suites, certificate chains, HSTS/OCSP, and common vulnerabilities like Heartblee
Pentesting rsync (port 873)
Procedures and checks to enumerate and exploit rsync daemon modules (port 873), detect unauthenticated shares, brute-force auth, and safely verify read/write ex
Configuring Identity-Aware Proxy (IAP) for Google Cloud
Step-by-step guide to secure Google Cloud services (Compute, App Engine, Cloud Run, GKE) with Identity-Aware Proxy, access levels, and programmatic service-acco
Pentesting FreeIPA — LDAP & Kerberos attack paths
Offensive/blue-team skill for authorized pentests: enumerates FreeIPA/LDAP/Kerberos environments, finds HBAC/sudo misconfigurations, reuses CCACHE/keytabs and m