Skip to main content
Manus에서 모든 스킬 실행
원클릭으로
camgrimsec
GitHub 제작자 프로필

camgrimsec

1개 GitHub 저장소에서 수집된 12개 skills를 저장소 단위로 보여줍니다.

수집된 skills
12
저장소
1
업데이트
2026-04-13
저장소 지도

skills가 있는 위치

수집된 skill 수가 많은 주요 저장소와 이 제작자 카탈로그 내 비중, 직업 분포를 보여줍니다.

저장소 탐색

저장소와 대표 skills

devsecops-repo-analyzer
정보 보안 분석가

Performs end-to-end DevSecOps security analysis on any GitHub repository. Runs a 6-stage pipeline: repo ingestion and inventory, application context classification with STRIDE threat modeling, multi-tool vulnerability scanning (SAST, SCA via Trivy + Snyk + Grype, secrets, IaC), reachability and context analysis that assigns Real Risk Scores, remediation recommendations with optional GitHub PR generation, and a final structured assessment report. Use when the user asks to analyze a repo for security issues, run a DevSecOps assessment, threat model a codebase, check for vulnerabilities, or audit an open source project. Triggers include phrases like "analyze this repo", "security scan", "vulnerability assessment", "threat model this", "DevSecOps analysis", "audit this codebase", or "check this project for security issues".

2026-04-13
cicd-pipeline-auditor
정보 보안 분석가

Audits GitHub Actions CI/CD workflow files for supply chain and pipeline security risks. Use when asked to audit, analyze, scan, or review GitHub Actions workflows, .github/workflows/, CI/CD pipelines, pipeline security, or DevSecOps pipeline hardening. Detects unpinned third-party actions (supply chain attacks like tj-actions CVE-2025-30066), expression injection / script injection, overly permissive permissions, dangerous triggers (pull_request_target, workflow_run PPE), secrets exposure, and self-hosted runner risks. Part of the GRIMSEC DevSecOps agent suite.

2026-04-13
vulnerability-context-enricher
정보 보안 분석가

Enriches CVE identifiers with multi-source intelligence from NVD, GitHub Advisory Database (via OSV.dev), EPSS exploit prediction scores, and CISA Known Exploited Vulnerabilities catalog. For each CVE, retrieves CVSS scores with full vector decomposition, CWE weakness classification, MITRE ATT&CK technique mapping, affected package versions and fix availability, 30-day exploitation probability, and active exploitation status. Generates plain-language exploitability summaries and composite priority scores suitable for non-security engineering teams. Works standalone with individual CVE IDs or in batch mode from Trivy scan output. Chains with devsecops-repo-analyzer to add external intelligence to reachability analysis findings. Use when the user asks to "look up a CVE", "enrich vulnerabilities", "check if a CVE is exploited in the wild", "get EPSS score", "map CVEs to ATT&CK", "prioritize vulnerabilities", "check CISA KEV", or "explain this vulnerability to my team".

2026-04-13
doc-intelligence-agent
정보 보안 분석가

Performs deep documentation analysis on software repositories to build a comprehensive product context profile used to validate and enrich security vulnerability findings. Use when analyzing repositories for security assessments, when security scanner findings need context about the application's actual runtime environment, when evaluating whether scanner-reported vulnerabilities are mitigated by existing security controls, or when preparing security PRs that reference deployment architecture, authentication model, sandboxing, encryption, and audit logging. Covers documentation analysis, product context extraction, security architecture mapping, deployment security, API surface analysis, and vulnerability context adjustment.

2026-04-13
threat-intel-monitor
정보 보안 분석가

Continuous threat intelligence monitoring agent for DevSecOps. Monitors CISA KEV (Known Exploited Vulnerabilities), OSV.dev, NVD, and GitHub Advisory Database for newly disclosed CVEs, then cross-references them against dependency inventories from previously analyzed repositories to detect exposure. Use when asked to check for new threats, monitor CVEs, run a threat intel scan, detect new vulnerabilities affecting monitored repos, or schedule recurring vulnerability monitoring. Part of the GRIMSEC DevSecOps agent suite. Integrates with devsecops-repo-analyzer inventory outputs.

2026-04-13
executive-reporting-agent
컴퓨터·정보 시스템 관리자최고 경영자

Generates executive-level security posture reports for CISOs, CTOs, and board members. Translates raw DevSecOps findings into business impact metrics including financial risk quantification, compliance alignment, MTTR benchmarking, supply chain exposure, and engineering velocity impact. Use when asked to create executive reports, board presentations, security ROI analysis, risk quantification, compliance mapping, or leadership briefings from security scan data. Chains with devsecops-repo-analyzer, cicd-pipeline-auditor, and vulnerability-context-enricher outputs.

2026-04-13
dast-scanner
정보 보안 분석가

Dynamic Application Security Testing (DAST) skill for the GRIMSEC DevSecOps agent suite (Agent 7). Performs runtime vulnerability detection on running web applications using Nuclei and OWASP ZAP. Use when performing DAST, dynamic testing, black-box scanning, web application security testing, ZAP scanning, Nuclei scanning, OWASP testing, or runtime vulnerability detection against a live target URL or Docker-hosted application.

2026-04-13
exploit-validation-agent
정보 보안 분석가

GRIMSEC Agent 8 — Exploit Validation Agent. Use when validating security findings from devsecops-repo-analyzer with Real Risk Score >= 7. Generates proof-of-concept exploits, proves exploitability through static analysis and code tracing, and produces structured validation reports. Triggered by keywords: exploit validation, PoC generation, prove exploitability, validate finding, RRS >= 7, reachability-analysis.json, grimsec validation, devsecops exploit, security finding confirmation.

2026-04-13
이 저장소에서 수집된 skills 12개 중 상위 8개를 표시합니다.
저장소 1개 중 1개 표시
모든 저장소를 표시했습니다
camgrimsec Agent Skills | SkillsMP