security-skills-guide
Guide for security-related Agent Skills including penetration testing, code auditing, threat hunting, and forensics skills.
Best use case
security-skills-guide is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Guide for security-related Agent Skills including penetration testing, code auditing, threat hunting, and forensics skills.
Teams using security-skills-guide should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security-skills-guide/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How security-skills-guide Compares
| Feature / Agent | security-skills-guide | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Guide for security-related Agent Skills including penetration testing, code auditing, threat hunting, and forensics skills.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security Skills Guide
## Scope
Use this skill when:
- Finding or adding security-related skills
- Understanding cybersecurity skill categories
- Organizing security skills in README.md
## Security Skill Categories
### Penetration Testing
| Category | Skills |
|----------|--------|
| Web Application | Burp Suite, FFUF fuzzing, SQL injection, XSS testing |
| Network | Nmap, Wireshark, SMTP/SSH testing |
| Cloud | AWS/Azure/GCP penetration testing |
| Active Directory | Kerberoasting, DCSync, pass-the-hash |
### Code Auditing
| Category | Skills |
|----------|--------|
| Static Analysis | CodeQL, Semgrep, Slither |
| Smart Contracts | Solidity security, Move auditing |
| Variant Analysis | Finding similar vulnerabilities |
### Threat Hunting
| Category | Skills |
|----------|--------|
| Detection Rules | Sigma rules, YARA |
| Forensics | File metadata, memory analysis |
| Incident Response | Triage, investigation |
## Key Security Skill Repositories
### Trail of Bits Security Team
- `trailofbits/skills` - Static analysis, code auditing, smart contracts
### Antigravity Collection
- `sickn33/antigravity-awesome-skills` - 50+ cybersecurity skills
### Community Skills
- `mhattingpete/claude-skills-marketplace` - Computer forensics skills
## Where to Add Security Skills in README
- **Penetration testing tools**: `Cybersecurity & Penetration Testing`
- **Code analysis tools**: `Security & Systems` or `Development & Code Tools`
- **Threat hunting**: `Security & Systems`
- **Smart contract security**: `Development & Code Tools` (if dev-focused)
## Security Skill Best Practices
1. **Clear scope**: Define what the skill does and doesn't do
2. **Legal warnings**: Include responsible use disclaimers
3. **Tool requirements**: List required external tools
4. **Safe defaults**: Use non-destructive operations by default
5. **Logging**: Include audit trail capabilities
## Example Security Skill Structure
```
threat-hunting/
├── SKILL.md # Main instructions
├── scripts/
│ ├── sigma-search.py
│ └── log-parser.sh
├── references/
│ └── sigma-rules.md
└── templates/
└── report.md
```Related Skills
components-guide
Guide to using Convex components for feature encapsulation. Learn about sibling components, creating your own, and when to use components vs monolithic code.
clack-guidelines
Comprehensive guide for building beautiful interactive command-line interfaces using Clack. Use when creating CLI tools with text input, selections, autocomplete, progress tracking, and streaming output.
astrology-interpretation-guide
Comprehensive astrology expert covering natal charts, transits, houses, aspects, and astrological traditions from Western to Vedic
Arcanea Voice Guide
Brand voice and terminology guide for all Arcanea content - ensures consistent, magical communication across UI, marketing, and narrative
analytic-skills-guide
Guide for AI agent to use the tools offered by this library to perform analytic tasks.
ai-engineering-guide
Practical guide for building production ML systems based on Chip Huyen's AI Engineering book. Use when users ask about model evaluation, deployment strategies, monitoring, data pipelines, feature engineering, cost optimization, or MLOps. Covers metrics, A/B testing, serving patterns, drift detection, and production best practices.
agents-md-guidelines
Guidelines for writing small, stable AGENTS.md files. Use when creating, refactoring, or reviewing AGENTS.md.
agent-ops-guide
Interactive workflow guide. Use when user is unsure what to do next, needs help navigating AgentOps, or wants to understand available tools.
agent-guidelines
When you need to understand the project's core mandate, operational rules, or "Constitution". Use this skill to align with the project's identity and strict coding standards.
ADAPTATION_GUIDE
Use when adapting Droidz framework or creating custom workflows. Guide for customizing droids, skills, and commands for specific project needs.
5-styleguide-generation
Fifth step in building instruction context for codebase
web-security-testing
Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.