Ranked #93 of 94 in the Testing & Debugging category

Investigating Insider Threat Indicators

by Mahipal · 4d ago

Structured playbook for SOC teams to detect, correlate, and document insider threat activity across DLP, endpoint, and HR data.

Tags: browser, api, linux · Automated screen · open source

Before you install

No special access needs declared

Editor's verdict

Skill explicitly requires authorization from HR, Legal, and Privacy before any monitoring begins.

— Editorial team

Install via Skills CLI

Use npx skills add to install this skill into the selected agent. Phase 0 commands are generated from source rules, not verified.

Codex
npx skills add https://github.com/mukul975/Anthropic-Cybersecurity-Skills -g -a codex -y

Drop `-g` to install project-locally

Best for

  • Tier 2 SOC analysts handling insider threat referrals
  • Insider threat program leads building investigation timelines
  • DFIR teams preparing forensic packages for HR and Legal handoff

Not for

  • External threat hunting without an authorized subject and scope
  • Adversarial penetration testing or red team engagements
  • Monitoring activities lacking documented legal and HR authorization

vs alternatives

#1 QA Loop

Open the product, try the flow, fix what breaks, repeat.

4.9 · 15k stars

Difference: Best browser QA pick when you need evidence to leave a paper trail. Each run produces screenshots, console diffs, and a reproducible action log — much harder for stakeholders to wave off than "I tested it locally." Works well as a pre-merge gate and for filing bugs with repro steps attached. Not for unit tests, and not for authenticated production sessions where the screenshot itself becomes a data risk.

#2 GStack QA

Open the app, test the flow, fix what breaks.

4.8 · 110k stars

Difference: Best when browser QA needs to close the loop — find the bug, propose the fix, verify the fix, leave evidence. Where qa-loop emphasizes evidence trails for stakeholder reporting, gstack-qa emphasizes shipping the fix in the same session. Strongest on frontend refactors and visual regressions. Same screenshot data-risk caveat as qa-loop: don't point it at authenticated production sessions where the screenshot itself becomes a leak.

#3 GStack Investigate

No fixes until the root cause is real.

4.8 · 110k stars

Difference: Best when the bug lives inside the code itself, not in operational state. Same "no fixes until the root cause is real" discipline as incident-investigate, but biased toward static code investigation: reads suspect modules, builds a hypothesis tree, asks for a failing test or repro before proposing a change. Strongest on flaky tests and intermittent failures where shallow patches make things worse. For ops-side incidents (logs, traffic, infra), incident-investigate fits better.

Side-by-side compare

Key differences with same-lane alternatives
|          | this skill (Investigating Insider Threat Indicators) | QA Loop | GStack QA | GStack Investigate |
|----------|------------------------------------------------------|---------|-----------|--------------------|
| Rating   | 0.0 | 4.9 | 4.8 | 4.8 |
| Stars    | 16k | 15k | 110k | 110k |
| Risk     | Automated screen | Medium risk | Medium risk | Low risk |
| Best for | Tier 2 SOC analysts handling insider threat referrals | Browser smoke tests | Open the app, test the flow, fix what breaks. | No fixes until the root cause is real. |
| Not for  | External threat hunting without an authorized subject and scope | Pure unit testing | Workflows that require stronger human review than this catalog entry documents. | Workflows that require stronger human review than this catalog entry documents. |

Audit notes

Last reviewed: 2026-06-10
Source: open on GitHub (public)
Author: community
Network access: read-only
Filesystem writes: sandboxed
Dependencies: audited
Telemetry: none
Skill Market · Find the best AI skills for the job · v0.4 · 1286 skills indexed · last review 2026-06-10