Build your own pack
Curate your favorite skills into a reusable collection, then install it with one command.
analysis-tshark
High Risk 38Analyze Network Captures with TShark
by AgentSecOps
Network investigations require fast packet filtering, protocol inspection, and careful evidence handling. This skill guides authorized TShark workflows for capture analysis, forensic extraction, and incident response reporting.
webapp-nikto
High Risk 38Run Authorized Nikto Web Server Assessments
by AgentSecOps
Web server misconfigurations and outdated components are hard to review consistently. This skill guides authorized Nikto scans, result handling, and remediation-focused reporting.
sca-blackduck
Medium Risk 50Audit Dependencies with Black Duck
by AgentSecOps
Open source dependencies can introduce vulnerabilities, license obligations, and supply chain risk. This skill helps Claude, Codex, and Claude Code run Black Duck-centered SCA workflows with practical remediation guidance.
skill-name
High Risk 38Build Security Operations Skill Templates
by AgentSecOps
Security teams need repeatable workflows for reviews, rules, and CI security checks. This skill provides reusable templates for AppSec, DevSecOps, compliance, and incident response work.
api-mitmproxy
High Risk 38Intercept and Analyze API Traffic
by AgentSecOps
API teams need controlled visibility into encrypted client traffic. This skill guides mitmproxy setup, capture, replay, and reporting for authorized security testing.
role-creator
Medium Risk 50Create Custom Codex Agent Roles
by am-will
Custom agent roles are hard to configure safely because Codex config files have strict supported keys. This skill collects required inputs, writes role configs, registers them, and validates the result.
secrets-gitleaks
Medium Risk 50Scan Repositories for Secrets with Gitleaks
by AgentSecOps
Hardcoded credentials can enter repositories through commits, examples, and configuration files. This skill helps teams add Gitleaks scanning, CI gates, baselines, and remediation workflows.
sca-trivy
Medium Risk 50Scan Dependencies and Containers with Trivy
by AgentSecOps
Teams need a repeatable way to find vulnerable packages, unsafe images, and IaC misconfigurations before release. This skill guides Claude, Codex, and Claude Code through Trivy scans, SBOM output, CI gates, and remediation planning.
sast-horusec
High Risk 38Run Horusec SAST Reviews
by AgentSecOps
Security teams need consistent static analysis across mixed-language repositories. This skill guides Horusec scans, CI integration, secret detection, report review, and false positive handling.
sast-bandit
Medium Risk 50Scan Python Code with Bandit SAST
by AgentSecOps
Python teams need fast security checks before code reaches production. This skill guides Claude, Codex, and Claude Code through Bandit scans, prioritization, and remediation planning.
reviewdog
High Risk 38Automate Reviewdog Security Reviews
by AgentSecOps
Security findings often reach developers too late in the review cycle. This skill helps configure reviewdog so scanner and linter results appear directly in pull requests.
recon-nmap
High Risk 38Run Authorized Nmap Reconnaissance
by AgentSecOps
Network teams need repeatable scans that stay within approved scope. This skill structures Nmap discovery, enumeration, vulnerability checks, and reporting for authorized assessments.
policy-opa
Medium Risk 50Enforce Policy-as-Code with OPA
by AgentSecOps
Security teams need repeatable policy checks across Kubernetes, infrastructure, and compliance workflows. This skill provides OPA and Rego guidance, templates, and CI examples for consistent validation.
pentest-metasploit
High Risk 38Validate Vulnerabilities with Metasploit
by AgentSecOps
Security teams need repeatable workflows for authorized vulnerability validation without losing scope discipline. This skill guides Metasploit planning, execution notes, and defensive reporting for controlled assessments.
network-netcat
Critical 38Assess Netcat Network Testing Risk
by AgentSecOps
Security teams need clear review of netcat workflows before using them in controlled environments. This skill explains network testing patterns, but its offensive shell and exfiltration guidance makes it unsafe for open marketplace publishing.
ir-velociraptor
High Risk 38Investigate Endpoints with Velociraptor
by AgentSecOps
Incident responders need fast endpoint visibility during active investigations. This skill provides Velociraptor VQL patterns, collector guidance, and hunt templates for authorized forensic work.
iac-checkov
Medium Risk 50Scan IaC Security With Checkov
by AgentSecOps
Infrastructure teams need to catch cloud misconfigurations before they reach production. This skill guides Checkov scans, compliance mapping, CI gates, suppressions, and remediation reporting.
forensics-osquery
Medium Risk 50Investigate Endpoints with osquery
by AgentSecOps
Incident responders need fast endpoint evidence without switching between many host tools. This skill guides Claude, Codex, and Claude Code through osquery-based triage, hunting, and monitoring workflows.
dast-zap
Medium Risk 50Run OWASP ZAP DAST Scans
by AgentSecOps
Web teams need repeatable runtime security checks before releases. This skill guides authorized OWASP ZAP scans, authenticated testing, CI setup, and report review.
dast-nuclei
Medium Risk 50Scan Web Apps with Nuclei
by AgentSecOps
Security teams need fast checks for known vulnerabilities without building every test from scratch. This skill helps Claude, Codex, and Claude Code guide authorized Nuclei scans, CI workflows, and result validation.