Skip to main content
Manusで任意のスキルを実行
ワンクリックで
camgrimsec
GitHub クリエイタープロフィール

camgrimsec

1 件の GitHub リポジトリにある 12 件の収集済み skills をリポジトリ単位で表示します。

収集済み skills
12
リポジトリ
1
更新
2026-04-13
リポジトリマップ

skills がある場所

収集済み skill 数が多いリポジトリを、このクリエイターカタログ内の比率と職業範囲とともに表示します。

リポジトリエクスプローラー

リポジトリと代表的な skills

devsecops-repo-analyzer
情報セキュリティアナリスト

Performs end-to-end DevSecOps security analysis on any GitHub repository. Runs a 6-stage pipeline: repo ingestion and inventory, application context classification with STRIDE threat modeling, multi-tool vulnerability scanning (SAST, SCA via Trivy + Snyk + Grype, secrets, IaC), reachability and context analysis that assigns Real Risk Scores, remediation recommendations with optional GitHub PR generation, and a final structured assessment report. Use when the user asks to analyze a repo for security issues, run a DevSecOps assessment, threat model a codebase, check for vulnerabilities, or audit an open source project. Triggers include phrases like "analyze this repo", "security scan", "vulnerability assessment", "threat model this", "DevSecOps analysis", "audit this codebase", or "check this project for security issues".

2026-04-13
cicd-pipeline-auditor
情報セキュリティアナリスト

Audits GitHub Actions CI/CD workflow files for supply chain and pipeline security risks. Use when asked to audit, analyze, scan, or review GitHub Actions workflows, .github/workflows/, CI/CD pipelines, pipeline security, or DevSecOps pipeline hardening. Detects unpinned third-party actions (supply chain attacks like tj-actions CVE-2025-30066), expression injection / script injection, overly permissive permissions, dangerous triggers (pull_request_target, workflow_run PPE), secrets exposure, and self-hosted runner risks. Part of the GRIMSEC DevSecOps agent suite.

2026-04-13
vulnerability-context-enricher
情報セキュリティアナリスト

Enriches CVE identifiers with multi-source intelligence from NVD, GitHub Advisory Database (via OSV.dev), EPSS exploit prediction scores, and CISA Known Exploited Vulnerabilities catalog. For each CVE, retrieves CVSS scores with full vector decomposition, CWE weakness classification, MITRE ATT&CK technique mapping, affected package versions and fix availability, 30-day exploitation probability, and active exploitation status. Generates plain-language exploitability summaries and composite priority scores suitable for non-security engineering teams. Works standalone with individual CVE IDs or in batch mode from Trivy scan output. Chains with devsecops-repo-analyzer to add external intelligence to reachability analysis findings. Use when the user asks to "look up a CVE", "enrich vulnerabilities", "check if a CVE is exploited in the wild", "get EPSS score", "map CVEs to ATT&CK", "prioritize vulnerabilities", "check CISA KEV", or "explain this vulnerability to my team".

2026-04-13
doc-intelligence-agent
情報セキュリティアナリスト

Performs deep documentation analysis on software repositories to build a comprehensive product context profile used to validate and enrich security vulnerability findings. Use when analyzing repositories for security assessments, when security scanner findings need context about the application's actual runtime environment, when evaluating whether scanner-reported vulnerabilities are mitigated by existing security controls, or when preparing security PRs that reference deployment architecture, authentication model, sandboxing, encryption, and audit logging. Covers documentation analysis, product context extraction, security architecture mapping, deployment security, API surface analysis, and vulnerability context adjustment.

2026-04-13
threat-intel-monitor
情報セキュリティアナリスト

Continuous threat intelligence monitoring agent for DevSecOps. Monitors CISA KEV (Known Exploited Vulnerabilities), OSV.dev, NVD, and GitHub Advisory Database for newly disclosed CVEs, then cross-references them against dependency inventories from previously analyzed repositories to detect exposure. Use when asked to check for new threats, monitor CVEs, run a threat intel scan, detect new vulnerabilities affecting monitored repos, or schedule recurring vulnerability monitoring. Part of the GRIMSEC DevSecOps agent suite. Integrates with devsecops-repo-analyzer inventory outputs.

2026-04-13
executive-reporting-agent
コンピュータ・情報システムマネージャー最高経営責任者

Generates executive-level security posture reports for CISOs, CTOs, and board members. Translates raw DevSecOps findings into business impact metrics including financial risk quantification, compliance alignment, MTTR benchmarking, supply chain exposure, and engineering velocity impact. Use when asked to create executive reports, board presentations, security ROI analysis, risk quantification, compliance mapping, or leadership briefings from security scan data. Chains with devsecops-repo-analyzer, cicd-pipeline-auditor, and vulnerability-context-enricher outputs.

2026-04-13
dast-scanner
情報セキュリティアナリスト

Dynamic Application Security Testing (DAST) skill for the GRIMSEC DevSecOps agent suite (Agent 7). Performs runtime vulnerability detection on running web applications using Nuclei and OWASP ZAP. Use when performing DAST, dynamic testing, black-box scanning, web application security testing, ZAP scanning, Nuclei scanning, OWASP testing, or runtime vulnerability detection against a live target URL or Docker-hosted application.

2026-04-13
exploit-validation-agent
情報セキュリティアナリスト

GRIMSEC Agent 8 — Exploit Validation Agent. Use when validating security findings from devsecops-repo-analyzer with Real Risk Score >= 7. Generates proof-of-concept exploits, proves exploitability through static analysis and code tracing, and produces structured validation reports. Triggered by keywords: exploit validation, PoC generation, prove exploitability, validate finding, RRS >= 7, reachability-analysis.json, grimsec validation, devsecops exploit, security finding confirmation.

2026-04-13
このリポジトリの収集済み skills 12 件中、上位 8 件を表示しています。
1 件中 1 件のリポジトリを表示
すべてのリポジトリを表示しました