Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

Comenzar

using-perseus

Estrellas67

Forks14

Actualizado23 de febrero de 2026, 06:33

Use when starting a security conversation to understand the Perseus methodology

Instalación

Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.

Ejecutar en Manus

Fuente

kaivyy

kaivyy/perseus

Abrir repositorio de GitHub Ver repositorios del creador

Descarga

Ejecutar en Manus

Ocupaciones relacionadasSOC

Basado en la clasificación ocupacional SOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas·SOC 15-1212

SKILL.md

readonly

name	using-perseus
description	Use when starting a security conversation to understand the Perseus methodology

Using Perseus

Overview

Perseus is a rigorous, automated security assessment framework for Claude Code. It transforms the AI into a structured penetration tester.

Core Principle: Methodological rigor over ad-hoc guessing. We do not "look around"; we execute specific phases.

The Workflow

The assessment MUST follow this linear sequence. Do not skip phases.

Phase 1: Reconnaissance (`/scan`)

Goal: Map the attack surface.

Action: Run Skill: perseus:scan (or /scan).
Output: deliverables/code_analysis_deliverable.md (Target Knowledge Graph).
Stop Condition: Do not proceed until you know what to attack.

Phase 2: Vulnerability Analysis (Audit)

Goal: Prove potential vulnerability.

Action: Run Skill: perseus:audit.
Logic: Launch 5 parallel specialists (Injection, XSS, Auth, Authz, SSRF).
Method: "Negative Analysis" (Source -> Flow -> Sink -> Defense -> Verdict).
Output: Specialized reports in deliverables/.

Phase 3: Exploitation (Exploit)

Goal: Verify impact (False Positive Filtering).

Action: Run Skill: perseus:exploit.
Safety: Use SAFE payloads only (whoami, alert(1), sleep).
Output: Verified proofs in deliverables/exploitation_report.md.

Phase 4: Reporting (`/report`)

Goal: Communicate risk.

Action: Run Skill: perseus:report (or /report).
Output: Final SECURITY_REPORT.md with executive summary and risk scoring.

Optional: Specialists (`/specialist`)

Goal: Run all deep-dive specialists in parallel.

Action: Run Skill: perseus-specialist (or /specialist).

Engagement Modes

Always select engagement mode before Phase 1. If user does not specify, default to PRODUCTION_SAFE.

Mode	Intended Environment	Verification Style
`PRODUCTION_SAFE`	Live production	Passive analysis + minimal non-disruptive verification
`STAGING_ACTIVE`	Staging/pre-prod	Targeted active verification with throttling
`LAB_FULL`	Isolated lab	Full dynamic verification for hard-to-reproduce findings
`LAB_RED_TEAM`	Dedicated security lab	Adversarial chain simulation with strict legal scope

Mode selection rule:

If environment is unclear, assume production and use PRODUCTION_SAFE.
If user requests aggressive testing, require explicit confirmation that target is staging/lab and authorized.
Record chosen mode in deliverables so report consumers understand test depth.

Critical Rules

No Hallucinations: Only report vulnerabilities you have verified via Audit or Exploit.
Safe Mode: Never execute destructive commands (e.g., rm, DROP TABLE).
Evidence-Based: Every finding must cite a specific File:Line or HTTP Request/Response.
Authorization Gate: Do not run active exploit validation on production without explicit approved test window.
Stability First: Keep verification low-rate and stop immediately if service degradation appears.
Lab Isolation for Red-Team Mode: LAB_RED_TEAM only on isolated test environment with non-production data.

How to Start

If the user asks for a security review, pentest, or audit, ALWAYS start with:

I will use the Perseus methodology to assess this codebase.
Starting Phase 1: Reconnaissance...
[Invoking /scan]

Más de este repositorio

mismo repositorio

perseusstart

kaivyy/perseus

Use when you want to run a full, automated penetration test from start to finish (Scan -> Audit -> Exploit -> Report)

2026-02-2367

perseusaudit

kaivyy/perseus

Use when analyzing components for vulnerabilities (Phase 2 - Parallel Analysis)

2026-02-1267

perseusexploit

kaivyy/perseus

Use when verifying vulnerabilities with Dynamic Exploit Generation (Phase 3)

2026-02-1267

perseusreport

kaivyy/perseus

Use when generating the final executive security report (Phase 4)

2026-02-1267

perseus-specialist

kaivyy/perseus

Run all specialist deep-dive skills in parallel for comprehensive analysis

2026-02-1267

perseus-api

kaivyy/perseus

Deep-dive API security analysis (REST, GraphQL, WebSocket, gRPC, OAuth, Cache)

2026-02-1267

name	using-perseus
description	Use when starting a security conversation to understand the Perseus methodology

Using Perseus

Overview

Perseus is a rigorous, automated security assessment framework for Claude Code. It transforms the AI into a structured penetration tester.

Core Principle: Methodological rigor over ad-hoc guessing. We do not "look around"; we execute specific phases.

The Workflow

The assessment MUST follow this linear sequence. Do not skip phases.

Phase 1: Reconnaissance (`/scan`)

Goal: Map the attack surface.

Action: Run Skill: perseus:scan (or /scan).
Output: deliverables/code_analysis_deliverable.md (Target Knowledge Graph).
Stop Condition: Do not proceed until you know what to attack.

Phase 2: Vulnerability Analysis (Audit)

Goal: Prove potential vulnerability.

Action: Run Skill: perseus:audit.
Logic: Launch 5 parallel specialists (Injection, XSS, Auth, Authz, SSRF).
Method: "Negative Analysis" (Source -> Flow -> Sink -> Defense -> Verdict).
Output: Specialized reports in deliverables/.

Phase 3: Exploitation (Exploit)

Goal: Verify impact (False Positive Filtering).

Action: Run Skill: perseus:exploit.
Safety: Use SAFE payloads only (whoami, alert(1), sleep).
Output: Verified proofs in deliverables/exploitation_report.md.

Phase 4: Reporting (`/report`)

Goal: Communicate risk.

Action: Run Skill: perseus:report (or /report).
Output: Final SECURITY_REPORT.md with executive summary and risk scoring.

Optional: Specialists (`/specialist`)

Goal: Run all deep-dive specialists in parallel.

Action: Run Skill: perseus-specialist (or /specialist).

Engagement Modes

Always select engagement mode before Phase 1. If user does not specify, default to PRODUCTION_SAFE.

Mode	Intended Environment	Verification Style
`PRODUCTION_SAFE`	Live production	Passive analysis + minimal non-disruptive verification
`STAGING_ACTIVE`	Staging/pre-prod	Targeted active verification with throttling
`LAB_FULL`	Isolated lab	Full dynamic verification for hard-to-reproduce findings
`LAB_RED_TEAM`	Dedicated security lab	Adversarial chain simulation with strict legal scope

Mode selection rule:

If environment is unclear, assume production and use PRODUCTION_SAFE.
If user requests aggressive testing, require explicit confirmation that target is staging/lab and authorized.
Record chosen mode in deliverables so report consumers understand test depth.

Critical Rules

No Hallucinations: Only report vulnerabilities you have verified via Audit or Exploit.
Safe Mode: Never execute destructive commands (e.g., rm, DROP TABLE).
Evidence-Based: Every finding must cite a specific File:Line or HTTP Request/Response.
Authorization Gate: Do not run active exploit validation on production without explicit approved test window.
Stability First: Keep verification low-rate and stop immediately if service degradation appears.
Lab Isolation for Red-Team Mode: LAB_RED_TEAM only on isolated test environment with non-production data.

How to Start

If the user asks for a security review, pentest, or audit, ALWAYS start with:

I will use the Perseus methodology to assess this codebase.
Starting Phase 1: Reconnaissance...
[Invoking /scan]

using-perseus

Using Perseus

Overview

The Workflow

Phase 1: Reconnaissance (/scan)

Phase 2: Vulnerability Analysis (Audit)

Phase 3: Exploitation (Exploit)

Phase 4: Reporting (/report)

Optional: Specialists (/specialist)

Engagement Modes

Critical Rules

How to Start

Más de este repositorio

Más de este repositorio

Using Perseus

Overview

The Workflow

Phase 1: Reconnaissance (/scan)

Phase 2: Vulnerability Analysis (Audit)

Phase 3: Exploitation (Exploit)

Phase 4: Reporting (/report)

Optional: Specialists (/specialist)

Engagement Modes

Critical Rules

How to Start

Phase 1: Reconnaissance (`/scan`)

Phase 4: Reporting (`/report`)

Optional: Specialists (`/specialist`)

Phase 1: Reconnaissance (`/scan`)

Phase 4: Reporting (`/report`)

Optional: Specialists (`/specialist`)