thor-maintenance

Maintain THOR installs using thor-util: update signatures, upgrade versions, download offline packs, generate reports, manage YARA-Forge. Use when the user asks about updating/upgrading/report generation.

9 stars

Best use case

thor-maintenance is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Maintain THOR installs using thor-util: update signatures, upgrade versions, download offline packs, generate reports, manage YARA-Forge. Use when the user asks about updating/upgrading/report generation.

Teams using thor-maintenance should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/thor-maintenance/SKILL.md --create-dirs "https://raw.githubusercontent.com/Nextron-Labs/thor-skill/main/thor-maintenance/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/thor-maintenance/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How thor-maintenance Compares

Feature / Agentthor-maintenanceStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Maintain THOR installs using thor-util: update signatures, upgrade versions, download offline packs, generate reports, manage YARA-Forge. Use when the user asks about updating/upgrading/report generation.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# THOR Maintenance Skill

Rules
- Be precise about thor-util verbs:
  - update = signatures
  - upgrade = program + signatures, keep config
  - download = full pack incl config (offline use case)
- Prefer stable signatures; mention sigdev only for urgent cases and explain tradeoffs.

Use these references when needed
- thor-util update vs upgrade vs download: reference/thor-util-update-upgrade.md
- YARA-Forge: reference/yara-forge.md
- Offline updates: reference/offline-updates.md

Output format
- Exact thor-util command(s)
- One-line “what it changes”
- One-line “what it does not change”

Related Skills

thor-troubleshooting

9
from Nextron-Labs/thor-skill

Troubleshoot THOR runs that are stuck, slow, failing to start, stopping early, or produce missing output. Use when the user reports freezes, long runtimes, high CPU pauses, scan aborts, or licensing/update issues.

thor-scan

9
from Nextron-Labs/thor-skill

Run THOR scans and propose the exact command line for Windows, Linux, or macOS. Use when the user wants to scan a host, a directory, a mounted image, or a memory dump with THOR v10/v11.

thor-plugins

9
from Nextron-Labs/thor-skill

Write, package, and use THOR plugins to extend scanner functionality. THOR v11+ only.

thor-log-analysis

9
from Nextron-Labs/thor-skill

Interpret THOR scan results and explain what findings mean. Use when the user pastes THOR log lines, shares a log file, or asks how to triage Notices/Warnings/Alerts.

THOR Lite Skill

9
from Nextron-Labs/thor-skill

THOR Lite is a free scanner with reduced features compared to full THOR. This skill handles Lite-specific guidance, limitations, and workarounds.

thor-lens

9
from Nextron-Labs/thor-skill

THOR Lens workflows for forensic timeline analysis. A web UI that imports THOR v11 audit trail JSONL logs for interactive exploration. Requires THOR v11 (audit trail not available in v10).

thor-db

9
from Nextron-Labs/thor-skill

Analyze THOR's SQLite database (thor10.db/thor11.db) for performance tuning, scan timing, resume state, and delta comparisons. Use when investigating slow scans, debugging performance, or understanding what THOR tracked.

thor-skills

9
from Nextron-Labs/thor-skill

Entry point and router for THOR-related work: running scans, analyzing THOR logs, troubleshooting THOR behavior, maintaining THOR installs, THOR Lens workflows, writing THOR plugins (v11+), and creating custom signatures/IOCs.

custom-signatures

9
from Nextron-Labs/thor-skill

Create and deploy custom IOCs, YARA rules, Sigma rules, and STIX indicators for THOR scans.

cairo-contract-authoring

9
from cartridge-gg/nums

Guides Cairo smart-contract authoring on Starknet with language fundamentals, safe structure choices, component composition, and implementation workflow references.

testing-api-for-broken-object-level-authorization

9
from killvxk/cybersecurity-skills-zh

测试REST和GraphQL API中的越权对象访问(BOLA/IDOR)漏洞,即已认证用户通过操纵API请求中的对象标识符 来访问或修改属于其他用户的资源。测试人员拦截API调用,识别对象ID参数(数字ID、UUID、slug), 并系统性地替换为其他用户的ID,以确定服务器是否执行了对象级授权。 对应OWASP API安全Top 10 2023 API1(越权对象访问)。

exploiting-broken-function-level-authorization

9
from killvxk/cybersecurity-skills-zh

测试 API 的函数级授权破坏(BFLA)漏洞,即普通用户可以通过直接调用来执行管理功能或访问特权 API 端点。测试人员识别管理员和特权端点,然后通过操纵 HTTP 方法、URL 路径和请求参数尝试使用普通用户凭据访问这些端点。对应 OWASP API5:2023 函数级授权破坏。适用于 BFLA 测试、管理员端点绕过、函数级访问控制测试或 API 权限提升等请求场景。