Agent Skills

Rekal Usage Guide

rekal

Operational decision tree and rules for using Rekal memory tools and associated MCP memory helpers during sessions and onboarding.

DAG Diagnosis (Airflow)

Astronomer Agents

Structured root-cause diagnosis for failed Airflow DAGs with actionable fixes, impact assessment, and prevention recommendations.

OpenClaw Security Monitor

openclaw-security-monitor

Proactive security monitoring, threat scanning and automated remediation for OpenClaw deployments.

NVD CVE Vulnerability Search

netclaw

Search the NVD for CVEs by ID or keyword, retrieve CVSS scores, CWE info, affected configurations and remediation references to support audits, incident respons

Tabletop Exercise Designer

Arcanum Tabletop Exercises

Design and generate CISA-aligned cybersecurity tabletop exercises, facilitator guides, participant materials, technical atomics, and SOP gap analyses for incide

Analyzing Ransomware Leak Site Intelligence

anthropic-cybersecurity-skills

Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.

Analyzing Ransomware Leak Site Intelligence

asi

Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.

Memory Forensics

awesome-skills-cn

Guidance and practical commands for acquiring, analyzing, and extracting artifacts from volatile memory dumps for incident response and malware analysis.

Memory Forensics

awesome-skills-cn

Procedural guidance and tool-focused workflows for acquiring, analyzing, and extracting artifacts from RAM dumps for incident response and malware analysis.

Check Duplicates

ai-runbooks

Find potentially duplicate or similar cases before deep analysis by running a similarity check against existing cases and returning matching case IDs.

Blameless Post-Mortem

agent-skills

Structured, blameless incident post-mortem template that produces an executive summary, timeline, root cause analysis, and actionable remediation items.

CTI Expert

cti-expert

Comprehensive CTI/OSINT analyst skill that turns an agent into a multi-technique investigator for domain, email, username, phone, and image forensics without pa

Evaluating Threat Intelligence Platforms

anthropic-cybersecurity-skills

Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte

Deployment Rollback Manager

skillshub

Automate and safely execute deployment rollbacks with verification steps to recover from failed releases and minimize downtime.

MITRE ATT&CK T1557.001: Name Resolution Poisoning & SMB Relay

MITRE ATT&CK Agent Skills

Defensive analysis skill for MITRE ATT&CK T1557.001: helps triage, detection engineering, hunting, and incident response for name-resolution poisoning and SMB r

Power Word Kill

wizards-of-the-ghosts

Emergency containment skill: guidance and guarded procedure for immediate hard termination of processes, services, or accounts when graceful options are unavail

Observe WhatsApp

biblioteca

Operational diagnostics for WhatsApp: inspect message delivery, webhook deliveries/retries, triage API errors, and run phone-number health checks.

Diagnose Why Work Stopped

paperclip

Run a product-focused forensic investigation on stalled or looping issue trees, produce a root-cause write-up and an approval-gated remediation plan without shi

Agent Canvas

agent-canvas

Create and manipulate TLDraw whiteboard shapes, diagrams, and visual playbooks from the CLI to help agents visually communicate designs, incident timelines, and

OPS — Next Action

buildwithclaude

Prioritises operational work across fires, unread comms, ready-to-merge PRs, sprint issues, and revenue-impact GSD tasks to recommend the next action.

Memory Forensics Playbook

opencode-skills-collection

Practical guidance and commands for acquiring, analyzing, and extracting artifacts from memory dumps using tools like Volatility3 and common acquisition methods

ServiceNow Change Workflow

netclaw

ITSM-guided network change lifecycle: create and gate Change Requests, run pre-checks, execute via pyats-config-mgmt, verify post-change, record audit trail.

Request CVEs

skills

Generate CVE request packages and disclosure artifacts (MITRE form data, GitHub advisory draft, full vulnerability report, and vendor notification templates) fr

Investigation Mode — Orchestrated Debugging

plugins

Diagnostic coordinator skill that triages stuck, hung, or broken systems by checking logs, workflows, browser state, and deployment/environment in a strict, rep

Packet Capture Analysis

agent-skills

Analyze pcap/pcapng captures to produce protocol summaries, evidence-backed IP labeling, PNG visualizations and a structured Markdown report.

Threat Hunter

claude-skill-registry

Expert threat-hunting guidance to proactively search for IOCs, TTPs, and suspicious activity across SIEM and telemetry sources.

MITRE ATT&CK T1098 — Account Manipulation

MITRE ATT&CK Agent Skills

Defensive analysis and guidance for MITRE ATT&CK technique T1098 (Account Manipulation): detection, triage, hunting, and mitigation planning for enterprise envi

MITRE ATT&CK — T1569.001 Launchctl

MITRE ATT&CK Agent Skills

Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl): detection, triage, and mitigation guidance for macOS adversary activity.

FireEye

application-skills

Integrate with FireEye via the Membrane CLI to discover alerts, events, hosts, malware details and run actions using pre-built connectors. Use when you need pro