by @skills-il
Coordinate Israeli-built cybersecurity tools for security operations including threat triage, vulnerability management, compliance checking, and incident response. Use when user mentions security operations, "SOC", vulnerability scanning, threat triage, compliance assessment, or asks to coordinate Wiz, Snyk, Check Point, CyberArk, SentinelOne, Armis, Torq, or Pentera tools. Embeds Israeli security best practices including INCD guidelines and Israeli Privacy Protection Law compliance. Do NOT use for offensive security testing or creating exploits.
npx skills-il add skills-il/security-compliance --skill israeli-cybersecurity-ops

Determine which workflow the user needs:
| Workflow | When | Tools Involved |
|---|---|---|
| Incident Triage | Alert received, need to classify and respond | Wiz, SentinelOne, Snyk |
| Vulnerability Management | Scan results need prioritization | Snyk, Wiz, Pentera |
| Compliance Assessment | Need to check against framework | Wiz (cloud), Snyk (code) |
| Threat Investigation | Suspicious activity, need to investigate | SentinelOne, Check Point |
| Access Review | Need to audit privileged access | CyberArk |
For any security workflow, collect:
Phase 1: Alert Enrichment
Phase 2: Classification
4. Assess severity based on:
Phase 3: Response
6. If Critical/High: Immediate containment actions
7. If Medium: Add to sprint/backlog for remediation
8. If Low/FP: Document and close
9. Update tracking system (Monday.com if available)
Phase 1: Scan Collection
Phase 2: Prioritization Matrix
4. Score each finding:
Phase 3: Remediation Plan
6. For each "Fix Now" item: specific remediation steps
7. Group by team/owner for efficient assignment
8. Create tracking items with deadlines
Phase 1: Framework Selection
Phase 2: Control Assessment
5. Map Israeli-specific requirements:
Phase 3: Gap Report
7. Generate report with: Control, Status, Evidence, Gap, Remediation
8. Highlight Israeli-specific requirements separately
User says: "Wiz flagged a critical finding in our production AWS account"
Actions: Follow Workflow A: retrieve Wiz finding details, assess blast radius, check for lateral movement indicators, provide containment recommendation.

User says: "Snyk found 15 high vulnerabilities in our Node.js app"
Actions: Follow Workflow B: get Snyk details, check reachability, prioritize by exploitability, create remediation plan with specific version upgrades.

User says: "We need to check if we comply with Israeli privacy law"
Actions: Follow Workflow C: map Israeli Privacy Protection Law requirements, check database registration status, review consent mechanisms, assess cross-border data flows.
scripts/security_triage.py — Structured security alert triage tool that calculates composite severity scores from CVSS, asset criticality, data sensitivity, and blast radius. Determines INCD reporting obligations for critical infrastructure and Privacy Authority notification for data breaches. Outputs classification, recommended response steps, and reporting deadlines. Run: python scripts/security_triage.py --help

references/incd-guidelines.md — Israel National Cyber Directorate reference covering CERT-IL, sector-specific regulators, critical infrastructure designations, the five-pillar INCD cyber defense framework (Identify/Protect/Detect/Respond/Recover), incident reporting timelines and channels, security best practices, and compliance mapping between Israeli Privacy Law, SOC2, and ISO 27001. Consult when assessing Israeli regulatory requirements or mapping security controls to compliance frameworks.

Cause: Wiz or Snyk MCP server not configured
Solution: This skill works without MCP for guidance mode. For full integration, connect Wiz MCP via Claude Desktop settings or Snyk MCP via snyk mcp command.

Cause: Not enough information about the alert or environment
Solution: Ask for: alert ID, affected asset, environment (prod/staging), data classification, and which detection tools are available.
by @skills-il
Assist with Israeli legal research including legislation lookup, case law concepts, Hebrew legal terminology, and legal document preparation guidance. Use when user asks about Israeli law, "chok", "mishpat", "bagatz", court procedures, employment law, contract law, real estate law, or needs help with Hebrew legal terms. Covers civil, commercial, employment, and administrative law. Do NOT use for providing formal legal advice — always recommend consulting a licensed Israeli attorney (orech din). Do NOT use for non-Israeli legal systems.
by @skills-il
Israeli Privacy Protection Law compliance guidance including database registration, consent requirements, data security, cross-border transfers, and breach notification. Use when user asks about Israeli privacy law, "haganat pratiut", data protection in Israel, GDPR compliance for Israeli companies, privacy policy requirements, or database registration. Covers the Privacy Protection Law 1981 and 2017 Security Regulations. Do NOT use for EU GDPR-only questions without Israeli context.