Browse Skills — Page 62

designing-workflow-skills

trailofbits/skills

>-

desktime-automation

ComposioHQ/awesome-claude-skills

"Automate Desktime tasks via Rube MCP (Composio). Always search tools first for current schemas."

Desktop A11y Testing Coach

Community-Access/accessibility-agents

Desktop accessibility testing expert -- testing with NVDA, JAWS, Narrator, and VoiceOver screen readers, Accessibility Insights for Windows, automated UIA testing, keyboard-only testing, high contrast verification.

Desktop Accessibility Specialist

Community-Access/accessibility-agents

Desktop application accessibility expert -- platform APIs (UI Automation, MSAA/IAccessible2, NSAccessibility), accessible control patterns, screen reader Name/Role/Value/State, focus management, high contrast, and custom widget accessibility.

desktop-app

popup-studio-ai/bkit-claude-code

|

desktop-click

openakita/openakita

Click desktop elements or coordinates. When you need to click buttons/icons in applications, select menu items, or interact with desktop UI. Supports element description, name prefix, or coordinates. For browser webpage elements, use browser_click instead.

desktop-find-element

openakita/openakita

Find desktop UI elements using UIAutomation (fast, accurate) or vision recognition (fallback). When you need to locate buttons/menus/icons, get element positions before clicking, or verify UI state. For browser webpage elements, use browser_* tools instead.

desktop-hotkey

openakita/openakita

Execute keyboard shortcuts. When you need to copy/paste (Ctrl+C/V), save files (Ctrl+S), close windows (Alt+F4), undo/redo (Ctrl+Z/Y), or select all (Ctrl+A).

desktop-inspect

openakita/openakita

Inspect window UI element tree structure for debugging and understanding interface layout. When you need to debug UI automation issues, understand application structure, or find correct element identifiers.

desktop-screenshot

openakita/openakita

Capture Windows desktop screenshot with automatic file saving. When you need to show desktop state, capture application windows, or record operation results. IMPORTANT - must actually call this tool, never say 'screenshot done' without calling. Returns file_path for deliver_artifacts.

desktop-scroll

openakita/openakita

Scroll mouse wheel in specified direction. When you need to scroll page/document content, navigate long lists, or zoom in/out with Ctrl. Directions - up/down/left/right.

desktop-type

openakita/openakita

Type text at current cursor position in desktop applications. When you need to enter text in dialogs, fill input fields, or type in text editors. Supports Chinese input. For browser webpage forms, use browser_type instead.

desktop-wait

openakita/openakita

Wait for UI element or window to appear. When you need to wait for dialog to open, loading to complete, or synchronize with application state before next action. Default timeout is 10 seconds.

desktop-window

openakita/openakita

Window management operations. When you need to list all open windows, switch to a specific window, minimize/maximize/restore windows, or close windows. Use title parameter for targeting specific window (fuzzy match).

deslop

liby/dotfiles

Closing-pass cleanup after AI edits. Removes generated code slop and catches type-driven refactors that broke runtime behavior. Closing step in the /review -> /simplify -> /deslop chain. Use when the user says "/deslop" or "deslop".

desloppify

databuddy-analytics/Databuddy

Reduce codebase slop by deleting code, flattening abstractions, and replacing custom helpers/types/assertions with native SDK/npm helpers or straightforward schemas (for example Zod). Use when asked to simplify, delete code, or "desloppify" TypeScript/Bun/Nuxt code.

destruction-synthesis

yogsoth-ai/de-anthropocentric-research-engine

Synthesize all assumption destruction outputs into structured destructive innovation report.

detect-static-dependencies

microsoft/testfx

>

detecting-ai-model-prompt-injection-attacks

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-anomalies-in-industrial-control-systems

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-anomalous-authentication-patterns

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-api-enumeration-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.

detecting-arp-poisoning-in-network-traffic

mukul975/Anthropic-Cybersecurity-Skills

Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.

detecting-attacks-on-historian-servers

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-attacks-on-scada-systems

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-aws-cloudtrail-anomalies

mukul975/Anthropic-Cybersecurity-Skills

Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.

detecting-aws-credential-exposure-with-trufflehog

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-aws-guardduty-findings-automation

mukul975/Anthropic-Cybersecurity-Skills

Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification workflows.

detecting-aws-iam-privilege-escalation

mukul975/Anthropic-Cybersecurity-Skills

Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations

detecting-azure-lateral-movement

mukul975/Anthropic-Cybersecurity-Skills

Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.

detecting-azure-service-principal-abuse

mukul975/Anthropic-Cybersecurity-Skills

Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin consent bypass, and unauthorized enumeration in Microsoft Entra ID environments.

detecting-azure-storage-account-misconfigurations

mukul975/Anthropic-Cybersecurity-Skills

Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using the azure-mgmt-storage Python SDK.

detecting-beaconing-patterns-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-bluetooth-low-energy-attacks

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-broken-object-property-level-authorization

mukul975/Anthropic-Cybersecurity-Skills

Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive data exposure and mass assignment attacks.

detecting-business-email-compromise

mukul975/Anthropic-Cybersecurity-Skills

Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors, or trusted partners to trick employees into transferring funds, sharing sensitive data,

detecting-business-email-compromise-with-ai

mukul975/Anthropic-Cybersecurity-Skills

Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing style, behavioral patterns, and contextual anomalies that evade traditional rule-based filters.

detecting-cloud-threats-with-guardduty

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-command-and-control-over-dns

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-compromised-cloud-credentials

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-container-drift-at-runtime

mukul975/Anthropic-Cybersecurity-Skills

Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system changes, and configuration deviations from the original container image.

detecting-container-escape-attempts

mukul975/Anthropic-Cybersecurity-Skills

Container escape is a critical attack technique where an adversary breaks out of container isolation to access the host system or other containers. Detection involves monitoring for escape indicators

detecting-container-escape-with-falco-rules

mukul975/Anthropic-Cybersecurity-Skills

Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file access, and privilege escalation.

detecting-credential-dumping-techniques

mukul975/Anthropic-Cybersecurity-Skills

Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules

detecting-cryptomining-in-cloud

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-dcsync-attack-in-active-directory

mukul975/Anthropic-Cybersecurity-Skills

Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes by monitoring for non-domain-controller accounts requesting directory replication via DsGetNCChanges.

detecting-deepfake-audio-in-vishing-attacks

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-dll-sideloading-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack execution flow for defense evasion.

detecting-dnp3-protocol-anomalies

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-dns-exfiltration-with-dns-query-analysis

mukul975/Anthropic-Cybersecurity-Skills

Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT record abuse, and response payload sizes using passive DNS monitoring.

detecting-email-account-compromise

mukul975/Anthropic-Cybersecurity-Skills

Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.

detecting-email-forwarding-rules-attack

mukul975/Anthropic-Cybersecurity-Skills

Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.

detecting-evasion-techniques-in-endpoint-logs

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-exfiltration-over-dns-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns

detecting-fileless-attacks-on-endpoints

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-fileless-malware-techniques

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-golden-ticket-attacks-in-kerberos-logs

mukul975/Anthropic-Cybersecurity-Skills

Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption types, impossible ticket lifetimes, non-existent accounts, and forged PAC signatures in domain controller event logs.

detecting-golden-ticket-forgery

mukul975/Anthropic-Cybersecurity-Skills

Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17), abnormal ticket lifetimes, and krbtgt account anomalies in Splunk and Elastic SIEM

detecting-insider-data-exfiltration-via-dlp

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-insider-threat-behaviors

mukul975/Anthropic-Cybersecurity-Skills

Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads, privilege abuse, and resignation-correlated data theft.

detecting-insider-threat-with-ueba

mukul975/Anthropic-Cybersecurity-Skills

Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.

detecting-kerberoasting-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with SPNs for offline password cracking.

detecting-lateral-movement-in-network

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-lateral-movement-with-splunk

mukul975/Anthropic-Cybersecurity-Skills

Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs, SMB traffic, and remote service abuse.

detecting-lateral-movement-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-living-off-the-land-attacks

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-living-off-the-land-with-lolbas

mukul975/Anthropic-Cybersecurity-Skills

Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32 via process telemetry, Sigma rules, and parent-child process analysis

detecting-malicious-scheduled-tasks-with-sysmon

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-mimikatz-execution-patterns

mukul975/Anthropic-Cybersecurity-Skills

Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.

detecting-misconfigured-azure-storage

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-mobile-malware-behavior

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-modbus-command-injection-attacks

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-modbus-protocol-anomalies

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-network-anomalies-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-network-scanning-with-ids-signatures

mukul975/Anthropic-Cybersecurity-Skills

Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection rules, and traffic anomaly analysis to identify Nmap, Masscan, and custom scanning activity.

detecting-ntlm-relay-with-event-correlation

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-oauth-token-theft

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-pass-the-hash-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where Kerberos is expected, and correlating with credential dumping.

detecting-pass-the-ticket-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM

detecting-port-scanning-with-fail2ban

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-privilege-escalation-attempts

mukul975/Anthropic-Cybersecurity-Skills

Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel exploits, and sudo/doas abuse across Windows and Linux.

detecting-privilege-escalation-in-kubernetes-pods

mukul975/Anthropic-Cybersecurity-Skills

Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and syscall patterns with Falco and OPA policies.

detecting-process-hollowing-technique

mukul975/Anthropic-Cybersecurity-Skills

Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child process anomalies in EDR telemetry.

detecting-process-injection-techniques

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-qr-code-phishing-with-email-security

mukul975/Anthropic-Cybersecurity-Skills

Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.

detecting-ransomware-encryption-behavior

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-ransomware-precursors-in-network

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-rdp-brute-force-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.

detecting-rootkit-activity

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-s3-data-exfiltration-attempts

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-serverless-function-injection

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-service-account-abuse

mukul975/Anthropic-Cybersecurity-Skills

Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement, and unauthorized access patterns.

detecting-shadow-api-endpoints

mukul975/Anthropic-Cybersecurity-Skills

Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis, code scanning, and API discovery platforms.

detecting-shadow-it-cloud-usage

mukul975/Anthropic-Cybersecurity-Skills

Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow data using Python pandas for traffic pattern analysis and domain classification.

detecting-spearphishing-with-email-gateway

mukul975/Anthropic-Cybersecurity-Skills

Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,

detecting-sql-injection-via-waf-logs

mukul975/Anthropic-Cybersecurity-Skills

>-

detecting-stuxnet-style-attacks

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-supply-chain-attacks-in-ci-cd

mukul975/Anthropic-Cybersecurity-Skills

>

detecting-suspicious-oauth-application-consent

mukul975/Anthropic-Cybersecurity-Skills

Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.

detecting-suspicious-powershell-execution

mukul975/Anthropic-Cybersecurity-Skills

Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.