PR Extension Workflow
Community
Enhance PRs with better detection coverage.
Author: MHaggis
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the challenge of ensuring that pull requests (PRs) for security detections are as comprehensive as possible, identifying and recommending extensions to cover gaps before merging.
Core Features & Use Cases
- Coverage Gap Analysis: Systematically identifies missing sub-techniques, tactic coverage, platform variants, and evasion techniques.
- Story Alignment: Checks if new detections are associated with relevant analytic stories or if new stories need to be created.
- Detection Quality Review: Provides a checklist for evaluating the quality and correctness of individual detection rules.
- Extension Recommendations: Offers concrete suggestions for additional detections, story updates, and test coverage.
- Use Case: When a developer submits a PR adding new detection rules for command-line abuse, this skill can automatically flag that while PowerShell and CMD are covered, JavaScript execution (T1059.007) is missing, and recommend adding a detection for it.
Quick Start
Analyze the current pull request for detection coverage gaps and recommend additional detections to extend its scope.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: PR Extension Workflow
Download link: https://github.com/MHaggis/Security-Detections-MCP/archive/main.zip#pr-extension-workflow
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.