Skills built for defenders.
Write once in SKILL.md — Aegis compiles it to every platform format. System prompts, ChatGPT Actions, MCP endpoints. Deploy to Claude, Gemini, Cursor and any MCP-compatible tool without changing the source.
Aegis
Author defensive security skills in a portable SKILL.md format. One source compiles to system prompts, ChatGPT Actions, and MCP server manifests — deploy to any AI platform without rewriting.
Browse skills library →
Themis
An AI-powered threat analysis engine. Decompose a security task, fan out to specialist skill agents in parallel, apply guardrails to every output, and synthesise a structured findings report.
Learn More →
Universal Installation
Install once globally, use with Claude, ChatGPT, Cursor, Gemini, VS Code, or Antigravity CLI.
aegis init will:
- Detect your installed tools (Claude, ChatGPT, Cursor, Gemini, VS Code, Antigravity)
- Interactively select which tools to configure
- Inject skill manifests and system prompts to each tool
- Save configuration to ~/.aegisrc
Available Commands
Show installed skills and their status for each tool.
Reconfigure a specific tool (claude, chatgpt, cursor, gemini, vscode, antigravity-cli).
Audit API
POST to /api/audit to run a standards-based security audit against CIS, NIST CSF, ISO 27001, SOC 2, PCI-DSS, HIPAA, IEC 62443, or NIST 800-53.
Write SKILL.md
Author your skill in a single markdown bundle — metadata, phases, and guidance in one file.
Compile artifacts
Run aegis compile — generates a system prompt, OpenAI action schema, and MCP manifest.
Deploy anywhere
Push to Vercel. Paste the system prompt or wire the MCP endpoint — done in minutes.
| Name | Description | Tags | Phases | Health |
|---|---|---|---|---|
| | Application security assessment workflow covering threat modelling, static analysis, dependency audi… | security, appsec, sast, api, owasp, supply-chain, testing, owasp-top10, mitre-attack, nist-ssdf | 5 phases | |
| | Attack surface mapping and exposure analysis workflow. Triggers for: external attack surface assessm… | security, attack-surface, reconnaissance, exposure, cloud-security, external-assets, mitre-attack, owasp-asvs | 4 phases | |
| | End-to-end security compliance workflow covering scope definition, regulatory mapping, control asses… | security, compliance, audit, soc2, iso27001, pci-dss, hipaa, gdpr, nist-csf, nist-csf, cis-controls, iso-27001, pci-dss | 5 phases | |
| | End-to-end deception engineering workflow for defensive security programs. Triggers for: honeypot de… | security, deception, honeypot, honeytoken, defensive, ot-security, mitre-engage, mitre-attack | 5 phases | |
| | End-to-end digital forensics and incident response (DFIR) workflow. Covers evidence acquisition with… | security, forensics, incident-response, dfir, volatility, memory-forensics, disk-forensics, chain-of-custody, mitre-attack | 6 phases | |
| | Endpoint security workflow covering EDR deployment, baseline hardening, malware analysis, and endpoi… | security, endpoint, edr, hardening, malware, incident-response, mitre-attack, cis-benchmarks | 4 phases | |
| | Security governance programme design and management. Covers policy framework development, programme… | security, governance, policy, risk, compliance, metrics, board-reporting, tprm, nist-csf, iso-27001, cis-controls | 4 phases | |
| | Comprehensive IAM programme covering identity governance (Joiners/Movers/Leavers), human authenticat… | security, iam, identity, mfa, pam, sso, rbac, abac, fido2, secrets-management, agent-identity, nist-csf, owasp-asvs, cis-controls | 6 phases | |
| | Infrastructure security assessment workflow covering asset discovery, configuration baseline, patch… | security, infrastructure, hardening, patch-management, compliance, cloud, cis-benchmarks, nist-csf, mitre-attack | 5 phases | |
| | Comprehensive malware analysis workflow from sample triage through intelligence reporting. Covers sa… | security, malware, threat-intelligence, ioc, sandbox, yara, dynamic-analysis, mitre-attack | 6 phases | |
| | MITRE ATLAS adversarial ML/AI attack surface assessment and countermeasure planning workflow. Trigge… | security, ai-security, adversarial-ml, mitre, atlas, ml-ops, mitre-atlas, mitre-attack | 2 phases | |
| | MITRE ATT&CK threat modelling workflow. Triggers for: adversary TTP mapping, threat actor profiling,… | security, threat-intelligence, ttp, mitre, attack-framework, mitre-attack | 3 phases | |
| | MITRE Engage adversary engagement and deception planning workflow. Triggers for: deception activity… | security, deception, adversary-engagement, mitre, engage-framework, mitre-engage, mitre-attack | 2 phases | |
| | Network security assessment and hardening workflow. Triggers for: network segmentation review, traff… | security, network, segmentation, hardening, perimeter, mitre-attack, nist-csf | 4 phases | |
| | OT/ICS security programme covering asset discovery, risk assessment, network security (ISA/IEC 62443… | security, ot-security, ics, scada, plc, hmi, industrial, purdue-model, isa62443, nerc-cip, isa-iec-62443, mitre-attack, nerc-cip | 5 phases | |
| | End-to-end binary reverse engineering workflow for security analysts. Covers safe sample handling, s… | security, malware, reverse-engineering, binary-analysis, ghidra, ida-pro, static-analysis, dynamic-analysis, mitre-attack | 5 phases | |
| | End-to-end information security risk management programme covering risk identification, qualitative… | security, risk, grc, risk-register, risk-appetite, threat-modelling, fair, nist-csf, iso-31000, fair-model | 5 phases | |
| | Security documentation authoring workflow for policies, runbooks, and incident response templates. T… | security, documentation, policy, runbook, incident-response, compliance, iso-27001, nist-csf, sans-policies | 3 phases | |
| | Full security operations workflow covering the complete SOC operating model — from alert triage thro… | security, soc, operations, incident-response, threat-intelligence, vulnerability-management, metrics, compliance, mitre-attack, nist-csf, sans-incident-response, iso-27035 | 8 phases | |
| | Proactive threat hunting workflow. Triggers for: structured hunt campaigns, TTP-based hypothesis gen… | security, threat-hunting, detection, siem, hypothesis, telemetry, mitre-attack, sqrll-hunting-maturity | 5 phases | |
| | Structured threat modelling workflow using STRIDE and PASTA methodologies. Triggers for: new system… | security, threat-modeling, architecture, stride, risk, stride, pasta, mitre-attack | 4 phases | |