{"id":"24af6296-9bec-4af4-b634-d5c4e4317d17","shortId":"sdUnVR","kind":"skill","title":"Triage active security incidents with AI-augmented workflows in Valhuntir CLI","tagline":"Guide live digital-forensics and incident-response work with human approval gates when the job is evidence review and triage, not general MCP setup.","description":"# Triage active security incidents with AI-augmented workflows in Valhuntir CLI\n\nGuide live digital-forensics and incident-response work with human approval gates when the job is evidence review and triage, not general MCP setup.\n\n## Prerequisites\n\nValhuntir CLI and gateway components, forensic artifacts, and an MCP-compatible local client under human analyst control\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- git clone https://github.com/AppliedIR/sift-mcp.git && cd sift-mcp\n- git clone https://github.com/AppliedIR/wintools-mcp.git; cd wintools-mcp\n- git clone https://github.com/AppliedIR/sift-mcp.git\n\nRequirements and caveats from upstream:\n- OSD[\"OpenSearch<br/>Docker :9200\"]\n- The **Examiner Portal** (vhir portal) is the primary review interface — an 8-tab browser UI where examiners review, edit, approve, and reject findings and timeline events. The Commit button requires the examiner's pas...\n- | OpenSearch | SIFT (Docker) | 9200 | Evidence search engine. Local or remote. Optional. |\n\nBasic usage or getting-started notes:\n- Valhuntir is **LLM client agnostic** — connect any locally installed MCP-compatible client through the gateway. 
Supported clients include Claude Code, Claude Desktop, Cherry Studio, self-hosted LibreChat, and any clie...\n- With [opensearch-mcp](https://github.com/AppliedIR/opensearch-mcp), evidence is parsed programmatically and indexed into OpenSearch, giving the LLM 17 purpose-built query tools instead of consuming billions of tokens...\n- | **Valhuntir + OpenSearch** | Above + evidence indexing | 32 GB | 32 GB | 100 GB + evidence/extractions/indices | OpenSearch JVM 6 GB, container 8 GB. Can run on separate host. |\n\n- Source: https://github.com/AppliedIR/Valhuntir\n- Extracted from upstream docs: https://raw.githubusercontent.com/AppliedIR/Valhuntir/HEAD/README.md\n\n## Documentation\n\n- https://github.com/AppliedIR/Valhuntir#readme\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli/)","tags":["triage","active","security","incidents","with","augmented","workflows","valhuntir","cli","skills","agentskillexchange","agent-skills"],"capabilities":["skill","source-agentskillexchange","skill-triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (2,088 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:53.593Z","embedding":null,"createdAt":"2026-05-18T13:20:00.851Z","updatedAt":"2026-05-18T19:12:53.593Z","lastSeenAt":"2026-05-18T19:12:53.593Z",
"prices":[{"id":"bd43a2ce-860a-4521-848e-059d0b980775","listingId":"24af6296-9bec-4af4-b634-d5c4e4317d17","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:20:00.851Z"}],"sources":[{"listingId":"24af6296-9bec-4af4-b634-d5c4e4317d17","source":"github","sourceId":"agentskillexchange/skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli","isPrimary":false,"firstSeenAt":"2026-05-18T13:20:00.851Z","lastSeenAt":"2026-05-18T19:12:53.593Z"}],"details":{"listingId":"24af6296-9bec-4af4-b634-d5c4e4317d17","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and 
more.","skill_md_sha":"cb5647c4e7535613e78719e05eac00df532f4a6e","skill_md_path":"skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Triage active security incidents with AI-augmented workflows in Valhuntir CLI","description":"Guide live digital-forensics and incident-response work with human approval gates when the job is evidence review and triage, not general MCP setup."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/triage-active-security-incidents-with-ai-augmented-workflows-in-valhuntir-cli"},"updatedAt":"2026-05-18T19:12:53.593Z"}}