Skill UI

Detects and analyzes Linux persistence vectors like crontabs, systemd units, LD_PRELOAD injections, shell profiles, and authorized_keys backdoors while correlating auditd and file integrity data to build a timeline and risk-scored report for SOC triage.

Guides enabling PowerShell, Sysmon, and AMSI telemetry plus crafting detection hunts that catch fileless malware, reflective DLL injections, WMI persistence, and registry-based execution techniques operating entirely in memory.

This skill performs a comprehensive security audit of Model Context Protocol (MCP) server configurations found in .mcp.json files. It is designed to identify critical vulnerabilities, including hardcoded secrets (API keys, tokens), dangerous shell injection patterns, unpinned dependencies, and compliance issues regarding approved server lists. Use this skill during security reviews, project onboarding, or pre-commit checks to ensure secure deployment.