From fbc47b7ac2f515242e1600e5e176b2f9fe789e4f Mon Sep 17 00:00:00 2001
From: "claude[bot]"
Date: Tue, 21 Apr 2026 00:35:35 +0000
Subject: [PATCH] fix: replace word-split tags with domain-specific cybersecurity tags

Three SKILL.md files had tags that were simply words split from the skill name (e.g., "analyzing", "block", "with", "logs") rather than meaningful discovery keywords. Replace with domain-specific terms that agents and search tools can actually use for routing.

- analyzing-powershell-script-block-logging: [powershell, script-block-logging, event-id-4104, obfuscation-detection, windows-forensics, endpoint-security]
- analyzing-azure-activity-logs-for-threats: [azure, cloud-security, azure-monitor, kql, threat-hunting, activity-logs]
- analyzing-memory-forensics-with-lime-and-volatility: [memory-forensics, linux-forensics, lime, volatility, incident-response, kernel-modules]

Co-Authored-By: Claude Code
---
 .../analyzing-azure-activity-logs-for-threats/SKILL.md | 8 +++++---
 .../SKILL.md | 10 ++++++----
 .../analyzing-powershell-script-block-logging/SKILL.md | 8 +++++---
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/skills/analyzing-azure-activity-logs-for-threats/SKILL.md b/skills/analyzing-azure-activity-logs-for-threats/SKILL.md
index e578391b..10e795be 100644
--- a/skills/analyzing-azure-activity-logs-for-threats/SKILL.md
+++ b/skills/analyzing-azure-activity-logs-for-threats/SKILL.md
@@ -8,10 +8,12 @@ description: 'Queries Azure Monitor activity logs and sign-in logs via azure-mon
 domain: cybersecurity
 subdomain: security-operations
 tags:
-- analyzing
 - azure
-- activity
-- logs
+- cloud-security
+- azure-monitor
+- kql
+- threat-hunting
+- activity-logs
 version: '1.0'
 author: mahipal
 license: Apache-2.0
diff --git a/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md b/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md
index a4d7a2db..65304380 100644
--- a/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md
+++ b/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md
@@ -8,10 +8,12 @@ description: 'Performs Linux memory acquisition using LiME (Linux Memory Extract
 domain: cybersecurity
 subdomain: security-operations
 tags:
-- analyzing
-- memory
-- forensics
-- with
+- memory-forensics
+- linux-forensics
+- lime
+- volatility
+- incident-response
+- kernel-modules
 version: '1.0'
 author: mahipal
 license: Apache-2.0
diff --git a/skills/analyzing-powershell-script-block-logging/SKILL.md b/skills/analyzing-powershell-script-block-logging/SKILL.md
index 97e87827..15a7ce4f 100644
--- a/skills/analyzing-powershell-script-block-logging/SKILL.md
+++ b/skills/analyzing-powershell-script-block-logging/SKILL.md
@@ -6,10 +6,12 @@ description: Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVT
 domain: cybersecurity
 subdomain: security-operations
 tags:
-- analyzing
 - powershell
-- script
-- block
+- script-block-logging
+- event-id-4104
+- obfuscation-detection
+- windows-forensics
+- endpoint-security
 version: '1.0'
 author: mahipal
 license: Apache-2.0