Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions .agents/plugins/marketplace.json
Original file line number Diff line number Diff line change
Expand Up @@ -298,6 +298,18 @@
"authentication": "ON_INSTALL"
},
"category": "Developer Tools"
},
{
"name": "cybersecurity-skills",
"source": {
"source": "local",
"path": "./plugins/cybersecurity-skills"
},
"policy": {
"installation": "AVAILABLE",
"authentication": "ON_INSTALL"
},
"category": "Developer Tools"
}
]
}
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ Currently available from the catalog:
- `cardhop-app`
- `cloud-deployment-skills`
- `cloud-inference-skills`
- `cybersecurity-skills`
- `messaging-collaboration-skills`
- `agentdeck`
- `dotnet-skills`
Expand Down Expand Up @@ -134,6 +135,7 @@ Current Socket catalog shape:
- `cardhop-app`: mixed skill plus bundled MCP server for Cardhop.app contact workflows
- `cloud-deployment-skills`: cloud provider deployment routing, official provider plugin selection, credential and mutation boundary checks, and AWS handoff to the official AWS Agent Toolkit rather than duplicated AWS MCP, CLI, or SAM setup
- `cloud-inference-skills`: cloud AI inference, training, model conversion, and GPU infrastructure routing for Runpod, Hugging Face, AWS, Vast.ai, CoreWeave, and similar providers, with bundled Runpod MCP server configuration, upstream Runpod skill mirrors, and first-party Hugging Face/AWS handoffs
- `cybersecurity-skills`: suspicious-content triage, evidence preservation, malware analysis, isolation, agentic security-tool controls, macOS investigation and defense, vulnerability validation, authorized web/API and network testing, incident response, threat hunting, detection content, and clear non-specialist advice
- `messaging-collaboration-skills`: chat-app, bot, business-messaging, meeting-collaboration, iMessage collaboration, Communication Notifications, Push to Talk, VoIP/SIP, documented iOS/iPadOS default communication roles, and app-owned macOS client workflows for Discord, Telegram, Slack, Teams, WhatsApp Business, SMS/MMS/RCS, Google Meet, and Apple communication surfaces, with explicit Signal and Mac operator-automation boundaries
- `agentdeck`: local Codex runtime utilities, starting with hooks that prefix generated Codex thread titles with the project directory name
- `dotnet-skills`: .NET, F#, and C# project-shape, bootstrap, implementation, test, package, diagnostics, ASP.NET Core, interop, CI, upgrade, and tooling guidance
Expand Down
38 changes: 38 additions & 0 deletions ROADMAP.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
- [Milestone 24: Apple system integration, runtime evidence, and distribution workflows](#milestone-24-apple-system-integration-runtime-evidence-and-distribution-workflows)
- [Milestone 25: Apple Creator Studio operator workflows](#milestone-25-apple-creator-studio-operator-workflows)
- [Milestone 26: Messaging collaboration skills plugin](#milestone-26-messaging-collaboration-skills-plugin)
- [Milestone 27: Cybersecurity skills plugin](#milestone-27-cybersecurity-skills-plugin)
- [Small Tickets](#small-tickets)
- [Backlog Candidates](#backlog-candidates)
- [History](#history)
Expand Down Expand Up @@ -67,6 +68,7 @@
- Milestone 24: Apple system integration, runtime evidence, and distribution workflows - Planned
- Milestone 25: Apple Creator Studio operator workflows - Planned
- Milestone 26: Messaging collaboration skills plugin - Completed
- Milestone 27: Cybersecurity skills plugin - Planned

## Milestone 5: SwiftASB skills plugin

Expand Down Expand Up @@ -861,6 +863,42 @@ Completed
- [x] The root documentation, marketplace, plan, and validation agree on the shipped inventory.
- [x] Apple requests route to an explicit system contract or app-owned responsibility without claiming undocumented macOS default messaging/calling, Apple Messages access, or Phone automation.

## Milestone 27: Cybersecurity skills plugin

### Status

Completed

### Scope

- [x] Add a dedicated Socket-hosted `cybersecurity-skills` child plugin for suspicious-content triage, malware analysis, safe isolation, macOS defense, vulnerability validation, authorized security testing, incident response, detection content, and understandable defensive advice.
- [x] Keep the first release guidance-only: no bundled scanners, malware or exploit samples, privileged helper, daemon, hook, MCP server, VM/container image, remote-sandbox credential, or autonomous active-testing runtime.
- [x] Keep `reverse-engineering-skills` focused on compiled artifacts and binary internals; use explicit handoffs instead of absorbing reverse engineering into the new plugin.
- [x] Route repository-wide and diff-based source scanning to Codex Security when it is available rather than duplicating its scan pipeline.
- [x] Make the suspicious-content-to-macOS-defense path the first installable release, with vulnerability and incident-response expansion built on the same evidence, confidence, isolation, and reporting records.

### Tickets

- [x] Record the architecture, ownership, safety, source, validation, and phased implementation plan in [`docs/maintainers/cybersecurity-skills-plugin-plan.md`](./docs/maintainers/cybersecurity-skills-plugin-plan.md).
- [x] Create `plugins/cybersecurity-skills/` with `.codex-plugin/plugin.json`, `AGENTS.md`, authored `skills/`, assets, and focused child validation.
- [x] Add the root marketplace entry as unavailable while the plugin is a placeholder; switch it to installable only after a usable skill slice exists.
- [x] Add shared routing, evidence preservation, confidence/explanation, isolation selection, and agentic-security-tool workflows.
- [x] Add suspicious-content triage, privacy-aware reputation, static/dynamic malware analysis, suspicious script/document, YARA-X, and behavior-mapping workflows.
- [x] Add macOS threat assessment, persistence, runtime activity, Objective-See adapter, containment/recovery, and hardening workflows.
- [x] Add authorized-test scoping, vulnerability triage/validation/exposure, web/API and network testing, and security-assessment reporting in fixture-validated slices.
- [x] Add incident triage, containment, recovery, threat hunting, and detection-content workflows on the shared records after the earlier defensive slices validated.
- [x] Forward-test benign lookalikes, isolation failures, macOS-control separation, privacy-aware reputation, scanner false positives, reachable/unreachable vulnerabilities, incident containment, detection fixtures, and non-specialist advice.
- [x] Export portable skills through the Hermes tap and validate each host-specific or future MCP/runtime decision explicitly.
- [x] Update root README inventory text, marketplace metadata, architecture metadata, and validation when the plugin becomes installable.

### Exit Criteria

- [x] An agent can move from an ambiguous suspicious artifact or activity report to preserved evidence, an appropriate isolation boundary, a confidence-calibrated assessment, and clear immediate advice.
- [x] macOS workflows distinguish signing, notarization, quarantine, XProtect, Gatekeeper, TCC, SIP, process/file/network behavior, persistence, containment, and verified recovery.
- [x] Vulnerability and authorized-testing workflows require explicit scope and validate exploitability and exposure rather than treating scanner output, CVSS, or an exploit template as proof.
- [x] Deep binary work, repository source scanning, Apple implementation, and stack-specific fixes have explicit owner handoffs with no duplicate catch-all workflows.
- [x] Root documentation, marketplace wiring, Codex/Hermes compatibility, plugin metadata, and validation agree on the shipped skill inventory.

## Small Tickets

- [ ] Record issue-sized fixes, TODO/FIXME imports, and cleanup work that is too small or too unplanned for a milestone.
Expand Down
Loading