analysis-tshark
Network protocol analyzer and packet capture tool for traffic analysis, security investigations, and forensic examination using Wireshark's command-line interface. Use when: (1) Analyzing network traffic for security incidents and malware detection, (2) Capturing and filtering packets for forensic analysis, (3) Extracting credentials and sensitive data from network captures, (4) Investigating network anomalies and attack patterns, (5) Validating encryption and security controls, (6) Performing protocol analysis for vulnerability research.
Best use case
analysis-tshark is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. Network protocol analyzer and packet capture tool for traffic analysis, security investigations, and forensic examination using Wireshark's command-line interface. Use when: (1) Analyzing network traffic for security incidents and malware detection, (2) Capturing and filtering packets for forensic analysis, (3) Extracting credentials and sensitive data from network captures, (4) Investigating network anomalies and attack patterns, (5) Validating encryption and security controls, (6) Performing protocol analysis for vulnerability research.
Network protocol analyzer and packet capture tool for traffic analysis, security investigations, and forensic examination using Wireshark's command-line interface. Use when: (1) Analyzing network traffic for security incidents and malware detection, (2) Capturing and filtering packets for forensic analysis, (3) Extracting credentials and sensitive data from network captures, (4) Investigating network anomalies and attack patterns, (5) Validating encryption and security controls, (6) Performing protocol analysis for vulnerability research.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "analysis-tshark" skill to help with this workflow task. Context: Network protocol analyzer and packet capture tool for traffic analysis, security investigations, and forensic examination using Wireshark's command-line interface. Use when: (1) Analyzing network traffic for security incidents and malware detection, (2) Capturing and filtering packets for forensic analysis, (3) Extracting credentials and sensitive data from network captures, (4) Investigating network anomalies and attack patterns, (5) Validating encryption and security controls, (6) Performing protocol analysis for vulnerability research.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/analysis-tshark/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How analysis-tshark Compares
| Feature / Agent | analysis-tshark | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Network protocol analyzer and packet capture tool for traffic analysis, security investigations, and forensic examination using Wireshark's command-line interface. Use when: (1) Analyzing network traffic for security incidents and malware detection, (2) Capturing and filtering packets for forensic analysis, (3) Extracting credentials and sensitive data from network captures, (4) Investigating network anomalies and attack patterns, (5) Validating encryption and security controls, (6) Performing protocol analysis for vulnerability research.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agent for Product Research
Browse AI agent skills for product research, competitive analysis, customer discovery, and structured product decision support.
AI Agent for SaaS Idea Validation
Use AI agent skills for SaaS idea validation, market research, customer discovery, competitor analysis, and documenting startup hypotheses.
Best AI Skills for ChatGPT
Find the best AI skills to adapt into ChatGPT workflows for research, writing, summarization, planning, and repeatable assistant tasks.
SKILL.md Source
# TShark Network Protocol Analyzer
## Overview
TShark is the command-line network protocol analyzer from the Wireshark project. It provides powerful packet capture and analysis capabilities for security investigations, forensic analysis, and network troubleshooting. This skill covers authorized security operations including traffic analysis, credential extraction, malware detection, and forensic examination.
**IMPORTANT**: Network packet capture may expose sensitive information and must only be conducted with proper authorization. Ensure legal compliance and privacy considerations before capturing network traffic.
## Quick Start
Basic packet capture and analysis:
```bash
# Capture packets on interface
sudo tshark -i eth0
# Capture 100 packets and save to file
sudo tshark -i eth0 -c 100 -w capture.pcap
# Read and analyze capture file
tshark -r capture.pcap
# Apply display filter
tshark -r capture.pcap -Y "http.request.method == GET"
# Extract HTTP objects
tshark -r capture.pcap --export-objects http,extracted_files/
```
## Core Workflow
### Network Analysis Workflow
Progress:
[ ] 1. Verify authorization for packet capture
[ ] 2. Identify target interface and capture requirements
[ ] 3. Capture network traffic with appropriate filters
[ ] 4. Analyze captured packets for security indicators
[ ] 5. Extract artifacts (files, credentials, sessions)
[ ] 6. Document findings and security implications
[ ] 7. Securely handle and store capture files
[ ] 8. Clean up sensitive data per retention policy
Work through each step systematically. Check off completed items.
### 1. Authorization Verification
**CRITICAL**: Before any packet capture:
- Confirm written authorization for network monitoring
- Verify legal compliance (wiretapping laws, privacy regulations)
- Understand data handling and retention requirements
- Document scope of capture (interfaces, duration, filters)
- Ensure secure storage for captured data
### 2. Interface Discovery
Identify available network interfaces:
```bash
# List all interfaces
tshark -D
# List with interface details
sudo tshark -D
# Capture on specific interface
sudo tshark -i eth0
sudo tshark -i wlan0
# Capture on any interface
sudo tshark -i any
# Capture on multiple interfaces
sudo tshark -i eth0 -i wlan0
```
**Interface types**:
- **eth0/ens33**: Ethernet interface
- **wlan0**: Wireless interface
- **lo**: Loopback interface
- **any**: All interfaces (Linux only)
- **mon0**: Monitor mode interface (wireless)
### 3. Basic Packet Capture
Capture network traffic:
```bash
# Capture indefinitely (Ctrl+C to stop)
sudo tshark -i eth0
# Capture specific number of packets
sudo tshark -i eth0 -c 1000
# Capture for specific duration (seconds)
sudo tshark -i eth0 -a duration:60
# Capture to file
sudo tshark -i eth0 -w capture.pcap
# Capture with ring buffer (rotate files)
sudo tshark -i eth0 -w capture.pcap -b filesize:100000 -b files:5
```
**Capture options**:
- `-c <count>`: Capture packet count
- `-a duration:<sec>`: Auto-stop after duration
- `-w <file>`: Write to file
- `-b filesize:<KB>`: Rotate at file size
- `-b files:<num>`: Keep N ring buffer files
### 4. Capture Filters
Apply BPF (Berkeley Packet Filter) during capture for efficiency:
```bash
# Capture only HTTP traffic
sudo tshark -i eth0 -f "tcp port 80"
# Capture specific host
sudo tshark -i eth0 -f "host 192.168.1.100"
# Capture subnet
sudo tshark -i eth0 -f "net 192.168.1.0/24"
# Capture multiple ports
sudo tshark -i eth0 -f "tcp port 80 or tcp port 443"
# Exclude specific traffic
sudo tshark -i eth0 -f "not port 22"
# Capture SYN packets only
sudo tshark -i eth0 -f "tcp[tcpflags] & tcp-syn != 0"
```
**Common capture filters**:
- `host <ip>`: Traffic to/from IP
- `net <cidr>`: Traffic to/from network
- `port <port>`: Specific port
- `tcp|udp|icmp`: Protocol type
- `src|dst`: Direction filter
- `and|or|not`: Logical operators
### 5. Display Filters
Analyze captured traffic with Wireshark display filters:
```bash
# HTTP requests only
tshark -r capture.pcap -Y "http.request"
# HTTP responses
tshark -r capture.pcap -Y "http.response"
# DNS queries
tshark -r capture.pcap -Y "dns.flags.response == 0"
# TLS handshakes
tshark -r capture.pcap -Y "tls.handshake.type == 1"
# Suspicious traffic patterns
tshark -r capture.pcap -Y "tcp.flags.syn==1 and tcp.flags.ack==0"
# Failed connections
tshark -r capture.pcap -Y "tcp.flags.reset==1"
```
**Advanced display filters**:
```bash
# HTTP POST requests with credentials
tshark -r capture.pcap -Y "http.request.method == POST and (http contains \"password\" or http contains \"username\")"
# SMB file transfers
tshark -r capture.pcap -Y "smb2.cmd == 8 or smb2.cmd == 9"
# Suspicious User-Agents
tshark -r capture.pcap -Y "http.user_agent contains \"python\" or http.user_agent contains \"curl\""
# Large data transfers
tshark -r capture.pcap -Y "tcp.len > 1400"
# Beaconing detection (periodic traffic)
tshark -r capture.pcap -Y "http" -T fields -e frame.time_relative -e ip.dst
```
### 6. Protocol Analysis
Analyze specific protocols:
**HTTP/HTTPS Analysis**:
```bash
# Extract HTTP requests
tshark -r capture.pcap -Y "http.request" -T fields -e ip.src -e http.host -e http.request.uri
# Extract HTTP User-Agents
tshark -r capture.pcap -Y "http.user_agent" -T fields -e ip.src -e http.user_agent
# HTTP status codes
tshark -r capture.pcap -Y "http.response" -T fields -e ip.src -e http.response.code
# Extract HTTP cookies
tshark -r capture.pcap -Y "http.cookie" -T fields -e ip.src -e http.cookie
```
**DNS Analysis**:
```bash
# DNS queries
tshark -r capture.pcap -Y "dns.flags.response == 0" -T fields -e ip.src -e dns.qry.name
# DNS responses
tshark -r capture.pcap -Y "dns.flags.response == 1" -T fields -e dns.qry.name -e dns.a
# DNS tunneling detection (long domain names)
tshark -r capture.pcap -Y "dns" -T fields -e dns.qry.name | awk 'length > 50'
# DNS query types
tshark -r capture.pcap -Y "dns" -T fields -e dns.qry.type -e dns.qry.name
```
**TLS/SSL Analysis**:
```bash
# TLS handshakes
tshark -r capture.pcap -Y "tls.handshake.type == 1" -T fields -e ip.src -e ip.dst -e tls.handshake.extensions_server_name
# TLS certificates
tshark -r capture.pcap -Y "tls.handshake.certificate" -T fields -e tls.handshake.certificate
# SSL/TLS versions
tshark -r capture.pcap -Y "tls" -T fields -e tls.record.version
# Weak cipher suites
tshark -r capture.pcap -Y "tls.handshake.ciphersuite" -T fields -e tls.handshake.ciphersuite
```
**SMB/CIFS Analysis**:
```bash
# SMB file access
tshark -r capture.pcap -Y "smb2" -T fields -e ip.src -e smb2.filename
# SMB authentication
tshark -r capture.pcap -Y "ntlmssp" -T fields -e ip.src -e ntlmssp.auth.username
# SMB commands
tshark -r capture.pcap -Y "smb2" -T fields -e smb2.cmd
```
### 7. Credential Extraction
Extract credentials from network traffic (authorized forensics only):
**HTTP Basic Authentication**:
```bash
# Extract HTTP Basic Auth credentials
tshark -r capture.pcap -Y "http.authbasic" -T fields -e ip.src -e http.authbasic
# Decode Base64 credentials
tshark -r capture.pcap -Y "http.authorization" -T fields -e http.authorization | base64 -d
```
**FTP Credentials**:
```bash
# Extract FTP usernames
tshark -r capture.pcap -Y "ftp.request.command == USER" -T fields -e ip.src -e ftp.request.arg
# Extract FTP passwords
tshark -r capture.pcap -Y "ftp.request.command == PASS" -T fields -e ip.src -e ftp.request.arg
```
**NTLM/Kerberos**:
```bash
# Extract NTLM hashes
tshark -r capture.pcap -Y "ntlmssp.auth.ntlmv2response" -T fields -e ntlmssp.auth.username -e ntlmssp.auth.domain -e ntlmssp.auth.ntlmv2response
# Kerberos tickets
tshark -r capture.pcap -Y "kerberos.CNameString" -T fields -e kerberos.CNameString -e kerberos.realm
```
**Email Credentials**:
```bash
# SMTP authentication
tshark -r capture.pcap -Y "smtp.req.command == AUTH" -T fields -e ip.src
# POP3 credentials
tshark -r capture.pcap -Y "pop.request.command == USER or pop.request.command == PASS" -T fields -e pop.request.parameter
# IMAP credentials
tshark -r capture.pcap -Y "imap.request contains \"LOGIN\"" -T fields -e imap.request
```
### 8. File Extraction
Extract files from packet captures:
```bash
# Export HTTP objects
tshark -r capture.pcap --export-objects http,extracted_http/
# Export SMB objects
tshark -r capture.pcap --export-objects smb,extracted_smb/
# Export DICOM objects
tshark -r capture.pcap --export-objects dicom,extracted_dicom/
# Export IMF (email) objects
tshark -r capture.pcap --export-objects imf,extracted_email/
```
**Manual file reconstruction**:
```bash
# Extract file data from HTTP response
tshark -r capture.pcap -Y "http.response and http.content_type contains \"application/pdf\"" -T fields -e data.data | xxd -r -p > extracted_file.pdf
# Reassemble TCP stream
tshark -r capture.pcap -q -z follow,tcp,ascii,<stream-number>
```
### 9. Malware Detection
Identify malicious network activity:
```bash
# Detect common C2 beaconing patterns
tshark -r capture.pcap -Y "http" -T fields -e frame.time_relative -e ip.dst -e http.host | sort | uniq -c | sort -rn
# Suspicious DNS queries (DGA domains)
tshark -r capture.pcap -Y "dns.qry.name" -T fields -e dns.qry.name | awk -F'.' '{print $(NF-1)"."$NF}' | sort | uniq -c | sort -rn
# Detect port scanning
tshark -r capture.pcap -Y "tcp.flags.syn==1 and tcp.flags.ack==0" -T fields -e ip.src -e ip.dst -e tcp.dstport | sort | uniq -c | sort -rn
# Detect data exfiltration (large uploads)
tshark -r capture.pcap -Y "http.request.method == POST" -T fields -e ip.src -e http.content_length | awk '$2 > 1000000'
# Suspicious executable downloads
tshark -r capture.pcap -Y "http.response and (http.content_type contains \"application/exe\" or http.content_type contains \"application/x-dosexec\")"
```
### 10. Statistics and Reporting
Generate traffic statistics:
```bash
# Protocol hierarchy
tshark -r capture.pcap -q -z io,phs
# Conversation statistics
tshark -r capture.pcap -q -z conv,tcp
tshark -r capture.pcap -q -z conv,udp
tshark -r capture.pcap -q -z conv,ip
# HTTP statistics
tshark -r capture.pcap -q -z http,tree
# DNS statistics
tshark -r capture.pcap -q -z dns,tree
# Endpoints
tshark -r capture.pcap -q -z endpoints,tcp
tshark -r capture.pcap -q -z endpoints,udp
# Expert info (warnings/errors)
tshark -r capture.pcap -q -z expert
```
## Security Considerations
### Authorization & Legal Compliance
- **Written Authorization**: Obtain explicit permission for network monitoring
- **Privacy Laws**: Comply with wiretapping and privacy regulations (GDPR, CCPA, ECPA)
- **Data Minimization**: Capture only necessary traffic for investigation
- **Credential Handling**: Treat extracted credentials as highly sensitive
- **Retention Policy**: Follow data retention and secure deletion requirements
### Operational Security
- **Encrypted Storage**: Encrypt capture files at rest
- **Access Control**: Restrict access to packet captures
- **Secure Transfer**: Use encrypted channels for capture file transfer
- **Anonymization**: Remove or redact PII when sharing captures
- **Chain of Custody**: Maintain forensic integrity for legal proceedings
### Audit Logging
Document all packet capture activities:
- Capture start and end timestamps
- Interface(s) captured
- Capture filters applied
- File names and storage locations
- Personnel who accessed captures
- Purpose of capture and investigation findings
- Secure deletion timestamps
### Compliance
- **MITRE ATT&CK**: T1040 (Network Sniffing)
- **NIST CSF**: DE.AE (Detection Processes - Anomalies and Events)
- **PCI-DSS**: Network security monitoring requirements
- **ISO 27001**: A.12.4 Logging and monitoring
- **GDPR**: Data protection and privacy requirements
## Common Patterns
### Pattern 1: Incident Response Investigation
```bash
# Capture traffic during incident
sudo tshark -i eth0 -w incident_$(date +%Y%m%d_%H%M%S).pcap -a duration:300
# Analyze for lateral movement
tshark -r incident.pcap -Y "smb2 or rdp or ssh" -T fields -e ip.src -e ip.dst
# Identify C2 communication
tshark -r incident.pcap -Y "http or dns" -T fields -e ip.dst -e http.host -e dns.qry.name
# Extract IOCs
tshark -r incident.pcap -Y "ip.dst" -T fields -e ip.dst | sort -u > ioc_ips.txt
tshark -r incident.pcap -Y "dns.qry.name" -T fields -e dns.qry.name | sort -u > ioc_domains.txt
```
### Pattern 2: Malware Traffic Analysis
```bash
# Capture malware sandbox traffic
sudo tshark -i eth0 -w malware_traffic.pcap
# Extract C2 indicators
tshark -r malware_traffic.pcap -Y "http.host" -T fields -e ip.src -e http.host -e http.user_agent
# Identify DNS tunneling
tshark -r malware_traffic.pcap -Y "dns" -T fields -e dns.qry.name | awk 'length > 50'
# Extract downloaded payloads
tshark -r malware_traffic.pcap --export-objects http,malware_artifacts/
# Analyze encryption/encoding
tshark -r malware_traffic.pcap -Y "http.request.method == POST" -T fields -e data.data
```
### Pattern 3: Credential Harvesting Detection
```bash
# Monitor for credential transmission
sudo tshark -i eth0 -Y "(http.authorization or ftp or pop or imap) and not tls" -T fields -e ip.src -e ip.dst
# Extract all HTTP POST data
tshark -r capture.pcap -Y "http.request.method == POST" -T fields -e http.file_data > post_data.txt
# Search for password keywords
tshark -r capture.pcap -Y "http contains \"password\" or http contains \"passwd\"" -T fields -e ip.src -e http.request.uri
# NTLM hash extraction
tshark -r capture.pcap -Y "ntlmssp.auth.ntlmv2response" -T fields -e ntlmssp.auth.username -e ntlmssp.auth.domain -e ntlmssp.auth.ntlmv2response > ntlm_hashes.txt
```
### Pattern 4: Network Forensics
```bash
# Reconstruct HTTP conversation
tshark -r capture.pcap -q -z follow,http,ascii,0
# Timeline analysis
tshark -r capture.pcap -T fields -e frame.time -e ip.src -e ip.dst -e tcp.dstport
# Identify file transfers
tshark -r capture.pcap -Y "http.content_type contains \"application/\" or ftp-data" -T fields -e frame.number -e http.content_type
# Geolocation of connections (requires GeoIP)
tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e ip.geoip.src_country -e ip.geoip.dst_country
```
### Pattern 5: Wireless Security Assessment
```bash
# Capture wireless traffic (monitor mode required)
sudo tshark -i mon0 -w wireless_capture.pcap
# Identify wireless networks
tshark -r wireless_capture.pcap -Y "wlan.fc.type_subtype == 0x08" -T fields -e wlan.ssid -e wlan.bssid
# Detect deauth attacks
tshark -r wireless_capture.pcap -Y "wlan.fc.type_subtype == 0x0c"
# WPA handshake capture
tshark -r wireless_capture.pcap -Y "eapol"
# Client probing activity
tshark -r wireless_capture.pcap -Y "wlan.fc.type_subtype == 0x04" -T fields -e wlan.sa -e wlan.ssid
```
## Integration Points
### SIEM Integration
Export packet analysis to SIEM platforms:
```bash
# Export to JSON for Splunk/ELK
tshark -r capture.pcap -T ek > packets.json
# Export specific fields in JSON
tshark -r capture.pcap -Y "http" -T json -e ip.src -e ip.dst -e http.host -e http.request.uri
# CSV export for analysis
tshark -r capture.pcap -T fields -E separator=, -e frame.time -e ip.src -e ip.dst -e tcp.dstport > packets.csv
```
### Scripting and Automation
```bash
#!/bin/bash
# continuous_monitor.sh - Continuous network monitoring
INTERFACE="eth0"
ALERT_FILTER="http contains \"cmd.exe\" or dns.qry.name contains \".tk\" or dns.qry.name contains \".xyz\""
sudo tshark -i $INTERFACE -Y "$ALERT_FILTER" -T fields -e frame.time -e ip.src -e ip.dst -e http.host -e dns.qry.name | \
while read line; do
echo "[ALERT] $(date): $line" | tee -a security_alerts.log
# Trigger incident response workflow
echo "$line" | mail -s "Security Alert" soc@company.com
done
```
## Troubleshooting
### Issue: "Permission denied" when capturing
**Solutions**:
```bash
# Run with sudo
sudo tshark -i eth0
# Or add user to wireshark group (Linux)
sudo usermod -a -G wireshark $USER
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark
# Logout and login for group changes to take effect
```
### Issue: "No interfaces found"
**Solutions**:
```bash
# Verify tshark installation
tshark --version
# List interfaces with sudo
sudo tshark -D
# Check interface status
ip link show
ifconfig -a
```
### Issue: Capture file is huge
**Solutions**:
```bash
# Use capture filters to reduce size
sudo tshark -i eth0 -f "not port 22" -w capture.pcap
# Use ring buffer
sudo tshark -i eth0 -w capture.pcap -b filesize:100000 -b files:5
# Limit packet size (snaplen)
sudo tshark -i eth0 -s 128 -w capture.pcap
```
### Issue: Cannot decrypt TLS traffic
**Solutions**:
```bash
# Provide SSL key log file (requires SSLKEYLOGFILE environment variable)
tshark -r capture.pcap -o tls.keylog_file:sslkeys.log -Y "http"
# Use pre-master secret
tshark -r capture.pcap -o tls.keys_list:192.168.1.100,443,http,/path/to/server.key
```
## Defensive Considerations
Organizations should protect against unauthorized packet capture:
- **Network Segmentation**: Reduce exposure to packet sniffing
- **Encryption**: Use TLS/SSL to protect sensitive data in transit
- **Switch Security**: Enable port security and DHCP snooping
- **Wireless Security**: Use WPA3, disable broadcast SSID
- **Intrusion Detection**: Monitor for promiscuous mode interfaces
- **Physical Security**: Protect network infrastructure from tap devices
Detect packet capture activity:
- Monitor for promiscuous mode network interfaces
- Detect ARP spoofing and MAC flooding attacks
- Audit administrative access to network devices
- Monitor for unusual outbound data transfers
- Deploy network access control (802.1X)
## References
- [TShark Man Page](https://www.wireshark.org/docs/man-pages/tshark.html)
- [Wireshark Display Filters](https://wiki.wireshark.org/DisplayFilters)
- [MITRE ATT&CK: Network Sniffing](https://attack.mitre.org/techniques/T1040/)
- [NIST SP 800-92: Guide to Computer Security Log Management](https://csrc.nist.gov/publications/detail/sp/800-92/final)
- [Practical Packet Analysis Book](https://nostarch.com/packetanalysis3)Related Skills
log-analysis
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
wireshark-network-traffic-analysis
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.
wireshark-analysis
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "dete...
team-composition-analysis
This skill should be used when the user asks to "plan team structure", "determine hiring needs", "design org chart", "calculate compensation", "plan equity allocation", or requests organizational design and headcount planning for a startup.
stride-analysis-patterns
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
market-sizing-analysis
This skill should be used when the user asks to "calculate TAM", "determine SAM", "estimate SOM", "size the market", "calculate market opportunity", "what's the total addressable market", or requests market sizing analysis for a startup or business opportunity.
error-diagnostics-error-analysis
You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions.
error-debugging-error-analysis
You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions.
binary-analysis-patterns
Master binary analysis patterns including disassembly, decompilation, control flow analysis, and code pattern recognition. Use when analyzing executables, understanding compiled code, or performing static analysis on binaries.
azure-ai-vision-imageanalysis-py
Azure AI Vision Image Analysis SDK for captions, tags, objects, OCR, people detection, and smart cropping. Use for computer vision and image understanding tasks. Triggers: "image analysis", "computer vision", "OCR", "object detection", "ImageAnalysisClient", "image caption".
azure-ai-vision-imageanalysis-java
Build image analysis applications with Azure AI Vision SDK for Java. Use when implementing image captioning, OCR text extraction, object detection, tagging, or smart cropping.
vision-analysis
Analyze, describe, and extract information from images using the MiniMax vision MCP tool. Use when: user shares an image file path or URL (any message containing .jpg, .jpeg, .png, .gif, .webp, .bmp, or .svg file extension) or uses any of these words/phrases near an image: "analyze", "analyse", "describe", "explain", "understand", "look at", "review", "extract text", "OCR", "what is in", "what's in", "read this image", "see this image", "tell me about", "explain this", "interpret this", in connection with an image, screenshot, diagram, chart, mockup, wireframe, or photo. Also triggers for: UI mockup review, wireframe analysis, design critique, data extraction from charts, object detection, person/animal/activity identification. Triggers: any message with an image file extension (jpg, jpeg, png, gif, webp, bmp, svg), or any request to analyze/describ/understand/review/extract text from an image, screenshot, diagram, chart, photo, mockup, or wireframe.