A collection of Claude Code skills that automate security operations. Each skill teaches Claude how to work with a specific security platform — discovering available APIs, authoring configurations in the correct schema, validating against live environments, and deploying to production.
Skills are designed to be composable: use one skill to build a single automation, or combine several to implement end-to-end playbooks across your security stack.
| Skill | Platform | What It Does |
|---|---|---|
| fusion-workflow | CrowdStrike Falcon Fusion SOAR | Create, validate, import, execute, and export Fusion SOAR workflows. Discovers actions via the live API, authors YAML with correct schema and data references, handles CEL expressions, loop/conditional patterns, and manages the full workflow lifecycle. |
- Claude Code (or Skills compatible) CLI installed
- Clone the repository:
git clone https://github.com/eth0izzle/security-skills.git
cd security-skills
mv skills ~/.claude-
(Optionally) Some skills may require configuration. For example, the CrowdStrike Fusion workflow can understand your live environment and optimise your workflows.
-
Start Claude Code in the project directory:
claude- Ask Claude to build something:
/plan
> Create a workflow that contains a device and sends a Slack notification
> Create multiple workflows based on the attached BEC Playbook
> What CrowdStrike actions are available to help with forensics capture?
Claude will automatically use the appropriate skill based on your request.
Each skill lives under .claude/skills/<skill-name>/ and includes:
SKILL.md— the skill definition that Claude loads automaticallyscripts/— CLI tools for interacting with the platform APIreferences/— schema docs, expression syntax, best practicesassets/— templates and starter files
You can also use the scripts standalone without Claude Code:
# Example: search for actions in the CrowdStrike catalog
python .claude/skills/fusion-workflow/scripts/action_search.py --search "contain"
# Example: validate a workflow file
python .claude/skills/fusion-workflow/scripts/validate.py workflow.yamlTo add a new security skill:
- Create a directory under
skills/<skill-name>/ - Write a
SKILL.mdthat describes the skill's capabilities, prerequisites, and step-by-step workflow - Add scripts for API interaction, validation, and deployment
- Add reference docs for schema, syntax, and best practices
- Add template assets for common patterns
- Submit a pull request
See the fusion-workflow skill as a reference implementation.
MIT