Skill UI

This skill scrapes Substack Notes analytics by extracting key engagement metrics (likes, comments, restacks) and content details. It overcomes the lack of a public API, allowing users to analyze performance data from a specified date range into a highly formatted, actionable Excel spreadsheet. The output includes detailed per-note data, total engagement calculations, and summary statistics.

Run arbitrary PySpark or pure Python code directly on Fabric Spark compute using the Livy API. These sessions are ephemeral, meaning no notebook artifacts are created or persisted, making it ideal for automated ETL processes, programmatic data transformations, or agent-driven compute workflows. Provides full read/write access to lakehouse Delta tables via Spark SQL.

This skill enables querying Delta Lake tables and raw files stored in OneLake using DuckDB. It supports two primary modes: local execution via CLI/Python for ad-hoc analysis, and in-notebook execution within Fabric, combining DuckDB's speed with notebook context. Ideal for data exploration, schema discovery, and data quality validation across the Fabric ecosystem.

A specialized tool for scientific data visualization, acting as a visualization advisor to analyze data, recommend chart types, prevent common errors, and generate publication-grade figures.

This guide demonstrates how to use the pycti Python client to model complex cyber threat intelligence within the OpenCTI platform. It structures threat actors, intrusion sets, campaigns, and TTPs into a unified STIX 2.1 knowledge graph. The skill is essential for correlating fragmented data from multiple sources (IOCs, reports) into a comprehensive, queryable adversary picture, supporting advanced threat hunting and detection engineering.

KAPE is a powerful, Windows-native triage tool used for Digital Forensics and Incident Response (DFIR). It executes in two phases: 'Targets' collect raw forensic artifacts (like registry hives, event logs, and prefetch files) from live systems, while 'Modules' parse this collected data into normalized, analyst-ready CSV/JSON formats. It enables fast, defensible, and scalable artifact collection, especially when full disk imaging is impractical.