Skip to main content
Run any Skill in Manus
with one click
GitHub repository

llm_rules_tk

llm_rules_tk contains 21 collected skills from cwrricio, with repository-level occupation coverage and site-owned skill detail pages.

skills collected
21
Stars
2
updated
2026-05-15
Forks
0
Occupation coverage
2 occupation categories · 100% classified
repository explorer

Skills in this repository

snort-rule-generation
information-security-analysts

Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.

2026-05-15
validated-rules-library
information-security-analysts

Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.

2026-05-15
evasion-variants
information-security-analysts

How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.

2026-05-14
attack-execution
information-security-analysts

How to execute the selected attack container on the attacker host and interpret the result.

2026-05-14
attack-selection
information-security-analysts

How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.

2026-05-14
mqtt-bruteforce
information-security-analysts

Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.

2026-05-14
mqtt-lwt-abuse
information-security-analysts

Rule-generation refinement playbook for MQTT LWT Abuse — abuse of MQTT Last Will and Testament to publish malicious payloads under the broker's trusted identity. Load when the operator intent maps to attack_id mqtt-lwt-abuse.

2026-05-14
mqtt-publisher-flood
information-security-analysts

Rule-generation refinement playbook for MQTT Publisher Flood — PUBLISH flood saturating broker memory, bandwidth, and subscriber processing pipelines. Load when the operator intent maps to attack_id mqtt-publisher-flood.

2026-05-14
mqtt-qos-amplification
information-security-analysts

Rule-generation refinement playbook for MQTT QoS Amplification — memory amplification by leaving QoS 2 handshakes incomplete (PUBLISH/PUBREC, no PUBREL). Load when the operator intent maps to attack_id mqtt-qos-amplification.

2026-05-14
xrce-dds-entity-flood
information-security-analysts

Rule-generation refinement playbook for XRCE-DDS Entity Flood — exhaustion of the XRCE-DDS Agent object tables by creating thousands of Participant/Topic/Publisher/DataWriter entities. Load when the operator intent maps to attack_id xrce-dds-entity-flood.

2026-05-14
xrce-dds-fragment-abuse
information-security-analysts

Rule-generation refinement playbook for XRCE-DDS Fragment Abuse — abuse of RTPS DATA_FRAG reassembly with incomplete, overlapping or flood fragments. Load when the operator intent maps to attack_id xrce-dds-fragment-abuse.

2026-05-14
xrce-dds-malformed-inject
information-security-analysts

Rule-generation refinement playbook for XRCE-DDS Malformed Inject — injection of malformed XCDR payloads into an established session targeting the Micro CDR deserializer. Load when the operator intent maps to attack_id xrce-dds-malformed-inject.

2026-05-14
xrce-dds-session-hijack
information-security-analysts

Rule-generation refinement playbook for XRCE-DDS Session Hijack — brute force of hardcoded XRCE client_key values to hijack legitimate sessions. Load when the operator intent maps to attack_id xrce-dds-session-hijack.

2026-05-14
xrce-dds-time-desync
information-security-analysts

Rule-generation refinement playbook for XRCE-DDS Time Desync — desynchronization of the client/agent clock via manipulated time_offset, corrupting sensor timestamps. Load when the operator intent maps to attack_id xrce-dds-time-desync.

2026-05-14
xrce-dds-udp-dos
information-security-analysts

Rule-generation refinement playbook for XRCE-DDS UDP DoS — UDP flood targeting the XRCE-DDS Agent on port 8888 using uxr_ping_agent_attempts(). Load when the operator intent maps to attack_id xrce-dds-udp-dos.

2026-05-14
alert-interpretation
information-security-analysts

How to check the IDS alert log after an attack and decide whether the rule converged or needs refinement.

2026-05-14
iteration-recording
data-scientists-152051

How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json).

2026-05-14
rule-deployment
information-security-analysts

How to assign a SID and deploy a validated Snort rule to the live IDS via the assign_sid and deploy_rule tools.

2026-05-14
rule-validation-workflow
information-security-analysts

How to validate a candidate Snort rule against the live IDS before deployment, interpret the result, and recover from syntax errors.

2026-05-14
attack-destinations
information-security-analysts

Hard rule about fixed attack destinations (IP and port). Read this before generating rules or planning attacks.

2026-05-14
experiment-cycle
data-scientists-152051

The shared protocol for one variant cycle in a Rules Farmer experiment. Read this before starting any cycle.

2026-05-14