Security Skillz

A collection of specialized agent skills for security analysis. These are designed to work across Claude Code, Gemini CLI, and Codex.

Architecture

The repository follows a modular structure where skills are maintained in this repo (sec-skillz) and can be integrated into any analysis workspace as a submodule.

```mermaid
graph TD
    subgraph Workspace ["Analysis Workspace"]
        direction TB
        W_Root["Project Root"]
        W_Agents[".gemini | .claude | .codex"]
        W_Submodule["sec-skillz/ (Git Submodule)"]

        W_Root --> W_Agents
        W_Root --> W_Submodule
        W_Agents -- "symlink to" --> S_Dir
    end

    subgraph SkillRepo ["sec-skillz Repository"]
        direction TB
        S_Dir["skills/"]

        subgraph SkillLayout ["Skill Layout"]
            SL_Name["{skill-name}/"]
            SL_Main["SKILL.md"]
            SL_Refs["references/"]
            SL_Docs["*.md"]

            SL_Name --> SL_Main
            SL_Name --> SL_Refs
            SL_Refs --> SL_Docs
        end

        S_Dir --> SL_Name
    end
```

Assumptions

Your workspace (the git repo where you are doing analysis) is separate from your skills repo.

Your workspace holds your data, your report artifacts, and the tools the skills develop, and it is where you iterate with multiple coding CLIs. The skills repo holds only the SKILL.md files and their references, so it can be pinned and updated independently of any one analysis.

Add submodule for skills repo

git submodule add git@github.com:mdfranz/sec-skillz.git sec-skillz

Create directories

mkdir -p .gemini .codex .claude

Create symlinks to skill dirs for each

ln -s ../sec-skillz/skills .claude/skills
ln -s ../sec-skillz/skills .gemini/skills
ln -s ../sec-skillz/skills .codex/skills
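The three steps above as one idempotent script, with a check that each agent's skills/ link actually resolves to the submodule. This is an added example, not a script from the sec-skillz repo: the function names, the SKILLS_REPO variable and the "setup" argument are assumptions of the example, and the path layout is the one shown in the diagram above.

```bash
#!/bin/sh
# Added example (not from sec-skillz): set up the agent config dirs and
# symlinks described in the README, then verify them. Run from the
# workspace root, e.g.:  sh setup-skills.sh setup
set -eu

# Assumed parameters of this example; the URL is the one the README uses.
SKILLS_REPO="${SKILLS_REPO:-git@github.com:mdfranz/sec-skillz.git}"
AGENT_DIRS=".claude .gemini .codex"

# Add the submodule only if it is not already checked out, so the script
# can be re-run without git complaining that the path exists.
add_skills_submodule() {
  if [ ! -d sec-skillz ]; then
    git submodule add "$SKILLS_REPO" sec-skillz
  fi
}

# Create each agent's config dir and point its skills/ at the submodule.
# The link is relative (../sec-skillz/skills) so the workspace stays
# portable when cloned to another path.
link_agent_skills() {
  for d in $AGENT_DIRS; do
    mkdir -p "$d"
    if [ ! -e "$d/skills" ]; then
      ln -s ../sec-skillz/skills "$d/skills"
    fi
  done
}

# Verify every link: it must be a symlink, it must resolve to the submodule's
# skills/ directory (pwd -P follows the link), and at least one
# {skill-name}/SKILL.md must be visible through it. Returns 1 on the first
# problem so the caller can stop before an agent runs with missing skills.
verify_agent_skills() {
  target="$(cd sec-skillz/skills && pwd -P)"
  for d in $AGENT_DIRS; do
    [ -L "$d/skills" ] || { echo "missing link: $d/skills" >&2; return 1; }
    [ "$(cd "$d/skills" && pwd -P)" = "$target" ] \
      || { echo "wrong target: $d/skills" >&2; return 1; }
    ls "$d/skills"/*/SKILL.md >/dev/null 2>&1 \
      || { echo "no SKILL.md reachable via $d/skills" >&2; return 1; }
  done
  echo "ok: $AGENT_DIRS -> $target"
}

# Only act when invoked with "setup"; sourcing the file just defines the
# functions.
case "${1:-}" in
  setup)
    add_skills_submodule
    link_agent_skills
    verify_agent_skills
    ;;
esac
```

Because SKILL.md files are instructions your coding agents will follow, treat the submodule like any other dependency: commit the pinned submodule commit in the workspace, and review the diff of skills/ before running `git submodule update --remote` so a change in the skills repo cannot silently change what the agents do in your analysis.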

Available Skills

CloudFront Analyst

Location: skills/cloudfront-analyst/
Description: Analyzes Amazon CloudFront logs using Python, DuckDB, and polars to identify network threats, suspicious egress, and protocol anomalies.

CloudTrail Analyst

Location: skills/cloudtrail-analyst/
Description: Analyzes AWS CloudTrail logs using Python, DuckDB, and jq to identify security anomalies, unauthorized API calls, and privilege escalation.

osqueryi Analyst

Location: skills/osqueryi-analyst/
Description: Runs live osqueryi queries using Python, DuckDB, and polars to investigate endpoint state, hunt for threats, and enumerate persistence mechanisms.

Suricata Analyst

Location: skills/suricata-analyst/
Description: Analyzes Suricata EVE JSON logs using Python, DuckDB, polars, and jq to identify network threats, suspicious egress, and protocol anomalies.

References

See the following reference

About

Various Agent (Gemini, Claude, Codex) Markdown
