Install, configure, operate, and debug CrowdSec — straight from your terminal, with Claude doing the heavy lifting.
This is an Agent Skill that turns Claude/Codex/... into a
hands-on CrowdSec operator. Ask it to stand up an engine, wire a bouncer, enable
the WAF, or figure out why nothing's getting blocked — it knows the cscli
commands, the config layout, the failure modes, and the safe way through each of
them across bare-metal/systemd, Docker, OpnSense and Kubernetes/Helm.
| Area | Covered |
|---|---|
| Install | bare-metal/systemd · Docker · Kubernetes/Helm · OpnSense · Console enrollment |
| Bouncers | firewall (iptables/nftables/ipset) · nginx · traefik · caddy · apache · and more |
| WAF / AppSec | deploy · configure · troubleshoot the AppSec component |
| Hub | install collections/parsers/scenarios · update · debug |
| Configure | acquisition · profiles & ban durations · notifications · allowlists |
| Operate | health checks & smoke tests · upgrades & rollback · multi-server / remote LAPI / mTLS |
| Debug | logs not parsing · no alerts firing · bouncer not blocking · specific errors |
The skill loads automatically once installed. Just talk to Claude about CrowdSec.
On Claude
/plugin marketplace add crowdsecurity/crowdsec-skill
/plugin install crowdsec@crowdsecurity
Update later with:
/plugin marketplace update crowdsecurity
On Codex: install the skill with:
skill-installer crowdsecurity/crowdsec-skill
On Claude.ai (web)
Download crowdsec-skill-vX.Y.Z.zip from the
latest release
and upload it in the web skill uploader.
Or directly with skills.sh
npx skills add crowdsecurity/crowdsec-skillOnce installed, Claude picks the skill up whenever your prompt involves CrowdSec:
- "Install CrowdSec on this server and set up the nginx bouncer."
- "Deploy CrowdSec in my Kubernetes cluster and enroll it in the Console."
- "Enable the WAF / AppSec on my server."
- "CrowdSec doesn't detect attacks on my nginx server, why?"
- "There's a decision for this IP but it's not being blocked."
- "Migrate my fail2ban jails to CrowdSec."
This is an operational skill. It deploys, configures, and debugs CrowdSec — it does not author detection content. Writing a parser, scenario, or WAF (AppSec) rule is out of scope.
For authoring, head to the CrowdSec Hub and the detection-engineering docs.
Issues and PRs welcome. Improvements to the reference docs and new environment coverage are appreciated. If you see anything missing or wrong, don't hesitate to open a PR.
- CrowdSec: https://www.crowdsec.net
- Documentation: https://docs.crowdsec.net
- Hub: https://hub.crowdsec.net
- Console: https://app.crowdsec.net
MIT — see LICENSE.