
aradotso/security-skills
17 skills, 7.7k installs, 17 stars (GitHub)

Install
npx skills add https://github.com/aradotso/security-skills

Skills in this repo

1. Anthropic Cybersecurity Skills
anthropic-cybersecurity-skills is a meta-library that packages 754 structured cybersecurity skills for AI coding agents, organized across 26 domains and aligned to MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, and NIST AI RMF. Solo builders and small teams shipping SaaS, APIs, or agent tooling use it when they need expert-level guidance for incidents, malware, memory forensics, threat hunting, cloud security posture, or framework mapping—not a single check script. Install the collection with npx, git clone, or submodule, then invoke domain-specific skills from the skills/ tree as your agent works through investigations or hardening tasks. It matters because security work is procedural and easy to get wrong in chat; this catalog turns repeatable operations into agent-invokable skills. Pair it with your repo’s own harness and review skills; treat outputs as assistance that still needs human verification and your org’s Security Audits panel on Prism before trusting third-party skill sources.
675 installs

2. Pentest Ai Agents
pentest-ai-agents packages the ara.so Security Skills collection as a Claude Code skill that turns the agent into an offensive-security copilot. Instead of one generic assistant, you get thirty-five domain-focused subagents that activate from triggers such as planning a penetration test, interpreting nmap or BloodHound output, researching exploits, building detection rules, or generating a formal report. Solo builders and small security teams use it when they already have authority to test targets and need structured reasoning across recon, exploitation, and blue-team detection work—not when they only want a quick dependency scan on a side project. The skill emphasizes automatic routing and deep toolchain literacy so you spend less time context-switching between cheat sheets and more time on analysis.
It pairs naturally with ship-phase hardening and operate-phase detection engineering, and it assumes comfort with professional pentest ethics and scope.
605 installs

3. Vibe Security Skill
Vibe Security Skill teaches your agent how to use the Vibe Security audit workflow on codebases built with heavy AI assistance. It scopes reviews to the technologies you actually use—Supabase Row-Level Security, Stripe payment flows, React Native clients, and similar—so you are not reading generic OWASP essays while your RLS is wide open. Solo builders shipping MVPs fast use it when a feature touches auth, payments, or user data and they need a second opinion tuned to vibe-coded mistakes: secrets in repo, disabled policies, uncapped LLM API keys, and payment amounts trusted from the client. Invoke it after major agent-generated changes and before production deploy or store submission. It complements manual review and platform dashboards; it does not replace penetration testing or formal compliance programs.
570 installs

4. Openclaw Security Hardening
OpenClaw Security Hardening is an agent skill for solo and indie builders running high-privilege OpenClaw agents with shell or root access. It walks your coding agent through deploying and validating the OpenClaw Security Practice Guide: behavioral blacklists before actions, narrowed permissions during execution, and automated nightly audits with thirteen core metrics afterward. The framework targets prompt injection, poisoned skills, and destructive terminal operations rather than generic host hardening checklists. Use it when you are standing up or reviewing an autonomous agent environment and need repeatable red and yellow-line rules, installation audits, and evidence that controls actually hold.
It assumes you are committed to OpenClaw-style autonomy and want defense-in-depth without pretending a single static firewall is enough.
568 installs

5. Slowmist Agent Security Framework
SlowMist Agent Security Framework is a procedural security skill for solo and indie builders who wire AI agents to the open internet, package marketplaces, and third-party repos. It gives your agent repeatable checklists to pressure-test skills, MCP servers, GitHub projects, links, blockchain addresses, and recommended services in adversarial conditions instead of accepting README marketing at face value. Triggers align with pre-install decisions—when someone asks to review a skill, verify a repo, scan a URL for injection, or assess an MCP server before adding it to a workspace. The methodology spans Validate (is this idea/tool safe to depend on?), Build (agent-tooling supply chain), and Ship (security gates), so placement on Ship/Security is the catalog shelf while real use recurs whenever new externals appear. Install by cloning the framework into your agent skills workspace as documented in SKILL.md. Pair with your own judgment and Prism’s Security Audits panel on each listing; this skill structures analysis, it does not replace human sign-off on secrets and network scope.
559 installs

6. Malware Detection Awareness
Malware-detection-awareness is a journey-wide security skill that helps solo builders judge whether a download, GitHub repo, or “pre-activated” tool package is likely malicious before it touches their machine or agent environment. It is aimed at developers who install skills, CLI tools, and dependencies from open directories where cracked commercial software and keygens are common malware carriers. The content walks through concrete indicators: unauthorized brand use, activation bypass language, suspicious engagement metrics, missing source or README, and mismatched project naming.
Canonical placement is Ship security because that is when you harden what enters production—but the same checklist applies in Idea research, Validate prototype installs, Build integrations, and Operate when pulling updates. Use it whenever triggers like “how to verify legitimate software sources” or “detect keygen malware” appear. It produces awareness and refusal decisions, not automated scanning.
554 installs

7. Malware Warning Avast Piracy
malware-warning-avast-piracy is a defensive agent skill from the Security Skills collection that activates when a user or agent attempts to install pirated Avast Premium Security, run keygens, or download cracked loaders. It does not install software; it educates and refuses, citing malware-campaign patterns such as absent Go source despite a Go project label, crack/keygen distribution, and topic stuffing with legitimate security terms. Solo builders and small teams benefit whenever a coding agent might casually satisfy a “get free Avast premium” prompt by pulling untrusted installers. Shelf it under Ship security, but treat it as journey-wide because the trigger phrases can appear during build tooling debates, operate hygiene, or ad-hoc desktop setup. After invocation, the expected outcome is a clear halt plus safer alternatives—official vendor downloads only—not a configured antivirus.
385 installs

8. Avast Security Awareness
Avast Security Awareness is an agent skill from ara.so’s Security Skills collection that trains coding assistants to recognize repositories disguised as legitimate antivirus or security tools when builders evaluate GitHub projects, README copy, or install instructions. Solo and indie developers often pull dependencies or “free” security utilities from search results; this skill encodes repeatable heuristics—suspicious naming, crack/keygen language, missing implementation, and engagement manipulation—so the agent can pause and warn instead of silently recommending a clone or download.
It is editorial and defensive: it does not scan binaries or replace formal SCA, but it complements human judgment during repo triage, pre-merge dependency review, and incident curiosity checks. Use it when triggers mention fake Avast repos, malware distribution on GitHub, or verifying real security software sources.
382 installs

9. Report Malicious Repository
Report Malicious Repository is an agent skill from ara.so’s Security Skills collection that teaches solo builders and small teams how to recognize GitHub projects that masquerade as legitimate security or antivirus software while actually pushing cracks, keygens, or malware. It is for anyone evaluating starred repos, tutorial links, or “free premium” tools before adding them to a workflow or sharing them with users. Use it when triggers match suspicious commercial-software repos, mixed legitimate topics with piracy tags, or requests to report copyright abuse. The skill contrasts red flags—piracy keywords, too-good-to-be-true licensing, minimal source with external downloads, and brand impersonation—with safer handling: do not clone or run artifacts, document evidence, and use platform abuse paths. It fits indie builders who lack a dedicated threat-intel team but still need disciplined repo hygiene when curating agents, CLIs, or integrations.
380 installs

10. Pentest Agents Bug Bounty Framework
Pentest Agents Bug Bounty Framework is an ara.so security skill that packages a full autonomous hunting stack for solo builders and small teams who run authorized bug-bounty or pentest programs from the terminal. You scaffold a HackerOne-style workspace, wire platform credentials, and drive Claude Code or peer agents through repeatable hunt loops instead of one-off prompt hacking. The framework emphasizes operational rigor: MCP hooks into platforms and writeup databases, CLI scaffolding, exploit-chain composition, and a 7-Question Gate so you do not burn reputation on weak submissions.
It fits the Ship phase when you need structured offensive testing before launch, not when you only want a quick dependency scan. Expect intermediate setup (uv, env vars, repo clone) and strict scope discipline—only use on programs and assets you are explicitly allowed to test.
379 installs

11. Unisecurityguard Academic Whistleblower Archive
unisecurityguard-academic-whistleblower-archive is an agent skill from ara.so’s Security Skills collection that teaches how to stand up UniSecurityGuard-style GitHub archives when academic whistleblowing content faces platform removal or institutional pressure. It is built around a real case: documenting career transitions and employment disputes in Chinese higher education while backing up social posts that risk censorship. Solo builders and advocates get a repository layout (README as living narrative, assets for screenshots), trigger-aligned workflows for preserving Xiaohongshu content, and practices that favor transparency and immutability over flashy apps. Use it when you need evidence preservation and public documentation—not when you need legal advice or automated scraping at scale. The skill is documentation-heavy Markdown; legal, safety, and personal risk review stay your responsibility before publishing identifiable material.
378 installs

12. Wxmini Security Audit
wxmini-security-audit is an agent-team workflow for solo and indie builders shipping WeChat mini-programs who need credible static security review without a full pentest bench. Install it when you have a wxapkg tree or decompiled assets and want coordinated coverage for secrets, endpoints, cryptography, and vulnerability patterns rather than one-off grep. The skill drives Claude Code Agent Teams through seven roles, combining deterministic regex scripts with LLM reasoning so rule coverage stays complete while narratives stay actionable. It fits the Ship phase when you are validating a build or investigating a third-party bundle before store submission.
Expect parallel analysis phases and a consolidated reporter output you can triage into fixes. It is specialized to the WeChat mini-program ecosystem and assumes you can point the agent at a local project directory.
378 installs

13. Avast Premium Security Detection
Avast Premium Security Detection is a security agent skill from the ara.so Security Skills collection for scrutinizing repositories that pose as Avast Premium or other cracked antivirus offerings. It walks agents through critical warning signs: promotional copy promising keygens, pre-activated keys, and “full version” loaders; empty or boilerplate READMEs; C++ tags on repos that behave like droppers; and engagement anomalies such as rapid star growth with no forks or issues. Solo builders encounter these repos when searching for tooling, following trending lists, or vetting dependencies suggested by chat agents. The skill is analytical—it does not install software—and helps you document why a source is likely a software-piracy scam or malware channel. Use it when a link claims free premium security, when stars look artificially inflated, or when triggers mention fake antivirus distribution. Pair with normal org verification and official vendor download paths after the analysis.
376 installs

14. Security Awareness Malicious Repository Detection
security-awareness-malicious-repository-detection is an agent skill that helps solo builders and small teams recognize GitHub repositories distributing malware under the guise of cracked antivirus, keygens, or pirated tools. It walks through impersonation signals, topic-tag abuse, engagement manipulation, absent legitimate code, and language patterns that legitimate vendors never use. Invoke it when a link looks like free premium software, when evaluating starred repos from unfamiliar accounts, or before adding a suspicious project as a dependency or install script source.
The skill complements formal dependency scanners by focusing on human-targeted repository social engineering. It is advisory analysis—you still verify with org reputation, VirusTotal or sandbox runs, and your Security Audits panel on Prism before trusting any third-party package.
373 installs

15. Avast Premium Security Malware Analysis
avast-premium-security-malware-analysis is a security-education agent skill from ara.so’s Security Skills collection. It helps solo builders and researchers who need structured prompts to understand Avast Premium Security’s feature surface—behavior shield, real-time scanning, firewall integration, and ransomware-oriented defenses—without treating the skill as a shortcut to bypass licensing. The embedded notice is unusually direct: repositories bundling cracks or keygens are flagged as illegal, unethical, and likely malware distribution, which is the right stance for a directory aimed at builders who ship real products. Legitimate use is studying how commercial endpoint protection layers detection and response so you can compare design choices in your own apps or threat models. Pair it with your own lab VMs and official trial downloads only. It does not replace hands-on reverse engineering courses or vendor documentation, but it gives agent-guided question templates when you are writing explainers, compliance notes, or defensive architecture comparisons during Ship-phase security work.
369 installs

16. Avast Premium Security Awareness
Avast Premium Security Awareness is a security agent skill from the ara.so collection that teaches your coding agent how to recognize repositories pretending to distribute legitimate Avast Premium Security while actually matching common malware and piracy funnels. It is built for solo builders who discover odd GitHub projects via search, stars, or dependency suggestions and need a structured lens before cloning or sharing links.
The skill walks through red flags such as cracked or pre-activated commercial software promises, absent real source or README substance, topic tags that blend legitimate AV terms with crack-related keywords, and account patterns suggestive of automated promotion. It does not replace enterprise threat intel platforms; instead it gives indie developers a fast authenticity pass aligned with triggers like investigating cracked software repos or verifying legitimate Avast sources. Use it whenever a repo’s value proposition is ‘free premium security’ rather than maintained open-source security tooling you can audit line by line.
367 installs

17. Avast Security Analysis
Avast Security Analysis is an agent skill aimed at cybersecurity learners and indie developers who must understand how consumer antivirus products observe behavior—not at helping anyone bypass licensing or run untrusted “cracked” bundles. It organizes research angles around real-time protection, behavior shields, and component architecture so conversations stay analytical: what gets monitored, how heuristics might fire, and what that means for legitimate app compatibility. Solo builders shipping Windows installers or security-sensitive tools can use it to reason about false positives and user-environment friction, while students use it to connect textbook concepts to named commercial stacks. The skill’s own notice stresses that repositories promoting pirated Avast builds are suspect; Prism tags treat this as research guidance only. It is niche, advanced, and should never be invoked to evade detection on malware—you pair it with ethical scope, VMs, and vendor documentation.
366 installs