threat detection AI Agent Skills

Browse 31 skills related to threat detection

perception-system

376
a5c-aia5c-ai

AI perception skill for sight, hearing, and threat detection systems.

132 days ago

siem-logging

296
ancolemanancoleman

Configure security information and event management (SIEM) systems for threat detection, log aggregation, and compliance. Use when implementing centralized security logging, writing detection rules, or meeting audit requirements across cloud and on-premise infrastructure.

132 days ago

analysing-attack

252
tsaletsale

Analyse Mitre ATT&CK tactics, techniques and sub-techniques. Use when performing analysis of threat detections, threat models, security risks or cyber threat intelligence

132 days ago

cloud-security-configuration

95
aj-geddesaj-geddes

Implement comprehensive cloud security across AWS, Azure, and GCP with IAM, encryption, network security, compliance, and threat detection.

132 days ago

security-analysis

7
bostonaholicbostonaholic

This skill should be used when the user asks to "audit security", "check for vulnerabilities", "scan for malicious code", "analyze security risks", "detect data exfiltration", or mentions security patterns, threat detection, or codebase safety assessment.

132 days ago

detecting-process-injection-techniques

2
mukul975mukul975

Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing, APC injection, thread hijacking, and reflective loading. Uses memory forensics, API monitoring, and behavioral analysis to identify injection artifacts. Activates for requests involving process injection detection, code injection analysis, hollowed process investigation, or in-memory threat detection.

malwareprocess-injectiondetection+2
131 days ago

defend-colony

2
pjt222pjt222

Implement layered collective defense using alarm signaling, role mobilization, and proportional response. Covers threat detection, alert propagation, immune response patterns, escalation tiers, and post-incident recovery for distributed systems and organizations. Use when designing defense-in-depth where no single guardian covers all threats, building incident response that scales with severity, or when current defense is over-reactive to every alert or under-reactive to genuine threats.

131 days ago

detecting-fileless-malware-techniques

2
mukul975mukul975

Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection, registry-resident payloads, and living-off-the-land binaries (LOLBins) without writing traditional executable files to disk. Activates for requests involving fileless threat detection, in-memory malware investigation, LOLBin abuse analysis, or WMI persistence examination.

malwarefilelessLOLBins+2
132 days ago

implementing-ot-network-traffic-analysis-with-nozomi

2
mukul975mukul975

Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset visibility, real-time threat detection, and vulnerability assessment across industrial control systems without disrupting operations, leveraging behavioral anomaly detection and protocol-aware monitoring.

ot-securityicsnozomi+5
131 days ago

detecting-compromised-cloud-credentials

2
mukul975mukul975

Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible travel patterns, unauthorized resource provisioning, and credential abuse indicators using GuardDuty, Defender for Identity, and SCC Event Threat Detection.

cloud-securitycredential-compromisethreat-detection+3
131 days ago

performing-insider-threat-investigation

2
mukul975mukul975

Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized access to steal data, sabotage systems, or violate security policies. Combines digital forensics, user behavior analytics, and HR/legal coordination to build an evidence-based case. Activates for requests involving insider threat investigation, employee data theft, privilege misuse, user behavior anomaly, or internal threat detection.

insider-threatuser-behavior-analyticsdata-exfiltration+2
131 days ago

awareness

2
pjt222pjt222

AI situational awareness — internal threat detection for hallucination risk, scope creep, and context degradation. Maps Cooper color codes to reasoning states and OODA loop to real-time decisions. Use during any task where reasoning quality matters, when operating in unfamiliar territory, after detecting early warning signs such as an uncertain fact or suspicious tool result, or before high-stakes output like irreversible changes or architectural decisions.

131 days ago

deploying-edr-agent-with-crowdstrike

2
mukul975mukul975

Deploys and configures CrowdStrike Falcon EDR agents across enterprise endpoints to enable real-time threat detection, behavioral analysis, and automated response. Use when onboarding endpoints to EDR coverage, configuring detection policies, or integrating Falcon telemetry with SIEM platforms. Activates for requests involving CrowdStrike deployment, Falcon sensor installation, EDR policy configuration, or endpoint detection and response.

endpointedrCrowdStrike+3
131 days ago

configuring-suricata-for-network-monitoring

2
mukul975mukul975

Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for real-time network traffic inspection, threat detection, and integration with SIEM platforms for centralized security monitoring.

network-securitysuricataids+2
131 days ago

awareness

2
pjt222pjt222

AI situational awareness — internal threat detection for hallucination risk, scope creep, and context degradation. Maps Cooper color codes to reasoning states and OODA loop to real-time decisions. Use during any task where reasoning quality matters, when operating in unfamiliar territory, after detecting early warning signs such as an uncertain fact or suspicious tool result, or before high-stakes output like irreversible changes or architectural decisions.

131 days ago

implementing-dragos-platform-for-ot-monitoring

2
mukul975mukul975

Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol parsers, intelligence-driven threat detection analytics, and asset visibility capabilities to protect ICS environments against threat groups like VOLTZITE, GRAPHITE, and BAUXITE.

ot-securityicsdragos+5
131 days ago

defend-colony

2
pjt222pjt222

Implement layered collective defense using alarm signaling, role mobilization, and proportional response. Covers threat detection, alert propagation, immune response patterns, escalation tiers, and post-incident recovery for distributed systems and organizations. Use when designing defense-in-depth where no single guardian covers all threats, building incident response that scales with severity, or when current defense is over-reactive to every alert or under-reactive to genuine threats.

131 days ago

configuring-windows-event-logging-for-detection

2
mukul975mukul975

Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for threat detection and forensic investigation. Use when enabling audit policies for logon events, process creation, privilege use, and object access to feed SIEM detection rules. Activates for requests involving Windows audit policy, event log configuration, security logging, or detection-oriented logging.

endpointwindows-securityevent-logging+2
131 days ago

detecting-cloud-threats-with-guardduty

2
mukul975mukul975

This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.

amazon-guarddutythreat-detectionaws-security+2
131 days ago

performing-network-traffic-analysis-with-zeek

2
mukul975mukul975

Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic investigation.

zeeknetwork-monitoringtraffic-analysis+6
131 days ago

implementing-cloud-trail-log-analysis

2
mukul975mukul975

Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation using Athena, CloudWatch Logs Insights, and SIEM integration to identify unauthorized access, privilege escalation, and suspicious API activity.

cloud-securityawscloudtrail+3
131 days ago

detecting-aws-guardduty-findings-automation

2
mukul975mukul975

Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification workflows.

awsguarddutyeventbridge+5
131 days ago

performing-ssl-tls-inspection-configuration

2
mukul975mukul975

Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.

ssl-inspectiontls-decryptionhttps-inspection+5
131 days ago

building-detection-rules-with-sigma

2
mukul975mukul975

Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms including Splunk, Elastic, and Microsoft Sentinel. Use when creating portable detection logic from threat intelligence, mapping rules to MITRE ATT&CK techniques, or converting community Sigma rules into platform-specific queries using sigmac or pySigma backends.

socsigmadetection-rules+5
131 days ago

implementing-runtime-security-with-tetragon

2
mukul975mukul975

Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon for kernel-level threat detection and policy enforcement.

tetragonebpfruntime-security+6
131 days ago

de-half-light

1
macakuayamacakuaya

Disco Elysium HALF LIGHT skill: threat detection and danger assessment. Activates near deployments, database changes, deletions, security-adjacent code, env variables, production data, or any change that could cause irreversible damage.

132 days ago

de-half-light

1
macakuayamacakuaya

Disco Elysium HALF LIGHT skill: threat detection and danger assessment. Activates near deployments, database changes, deletions, security-adjacent code, env variables, production data, or any change that could cause irreversible damage.

131 days ago

security-monitoring-threat-detection

smkssmart1smkssmart1

Enterprise-grade skill for implementing 24/7 security monitoring and threat detection on OpenClaw AI agent infrastructure. Use whenever setting up logging, alerting, intrusion detection, SIEM integration, or real-time monitoring for AI agent systems. Also trigger for log analysis, anomaly detection, incident response procedures, SOC operations for AI infrastructure, security event correlation, or any continuous monitoring pattern for autonomous AI agent deployments.

132 days ago

VirusTotal

san-npmsan-npm

URL, file, domain, and IP scanning via VirusTotal CLI and API. Threat detection, reputation checks, malware analysis, phishing detection.

131 days ago

gcp-injection

hminooeihminooei

Use this skill when users need to audit, detect, or remediate Injection vulnerabilities (OWASP A03:2021) on Google Cloud Platform. This includes SQL injection, Cross-Site Scripting (XSS), command injection, LDAP injection, and any scenario where untrusted data is sent to an interpreter. Covers configuring Cloud Armor WAF preconfigured rule sets (sqli-stable, xss-stable, rce-stable, php-stable), reviewing Security Command Center findings for injection-related threats (Container Threat Detection, Web Security Scanner), and auditing Apigee API proxies for JSON/XML threat protection. Activate for GCP WAF hardening, injection prevention, or OWASP A03 compliance.

131 days ago

Audit Guard

Xwen0857Xwen0857

Provides multi-level risk assessment, dynamic threat detection, and a master-approval gateway to govern high-risk operations performed by Agents; when a high risk is detected it intercepts and freezes the operation and waits for master approval before releasing.

132 days ago
ClawiskillClawiskill
Network
Building with
?

Join Clawiskill today. The decentralized skill network for AI Agents.

Registry
70K+
Agent Joins
120K+
Explore Network