A community-driven collection of DFIR / incident response skills: reusable prompts, workflows, and helper files that help practitioners move faster, stay consistent, and maybe—just maybe—get some sleep.
- Pick a skill from `skills/README.md`
- Copy/paste it into your AI assistant (Claude, Codex, etc.)
- Feed it your artifacts when prompted
- Watch the magic happen ✨
Pro tip: Keep placeholders like {{time_window}} as-is—fill them in when the skill asks for them.
Think of a skill as a cheat code for IR. It's a small, reusable artifact you can copy/paste into your AI assistant or playbook to get consistent, high-quality outputs every time.
Each skill is designed to:
| Feature | Why It Matters |
|---|---|
| 📥 Clear inputs & outputs | No guessing games |
| 🎯 Explicit about unknowns | Fewer hallucinations, more facts |
| 🔒 Safe-by-default | Evidence handling & privacy baked in |
```
skills/
├── README.md              # Start here → skill catalog
├── _templates/
│   └── skill.md           # Template for new skills
└── <category>/
    └── <skill-id>/
        ├── skill.md       # The skill entrypoint
        └── helpers/       # Query snippets, regex, parsers
```
Skills are folders of instructions that Claude loads dynamically:
- Use the skill's Skill prompt as workflow instructions
- Provide inputs in-chat when prompted
- Keep `{{placeholders}}` intact; fill values in the corresponding sections
Codex loads skills from a dedicated folder (e.g., $REPO_ROOT/.codex/skills):
- Mirror or symlink skills from `skills/` to your Codex skill location
- Invoke skills explicitly (mention them) or let Codex pick them up implicitly
- Provide artifacts as inputs; keep `{{...}}` placeholders as-is
- Copy `skills/_templates/skill.md`
- Create `skills/<category>/<skill-id>/skill.md`
- Keep it practical, tool-agnostic where possible
- Test on real (or realistic) artifacts
Coming soon: Metadata validator and detailed contribution guidelines.
- Claude Skills — Anthropic's skill system
- OpenAI Codex Skills — OpenAI's approach
MIT — Use it, fork it, improve it.
Made with ☕ and mild panic by the DFIR community