enrichment-playbook

Official

Enrich packages with security and reversing data.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Security analysts and supply chain teams often waste hours manually gathering scattered security and reversing signals from software package artifacts, leading to missed risks and inconsistent analysis results.

Core Features & Use Cases

  • Multi-stage artifact triage: Automates archive extraction, per-file hashing, string extraction, entropy calculation, and YARA rule scanning to surface hidden risks like obfuscated code, packed binaries, and malicious patterns.
  • External vulnerability enrichment: Integrates OSV, Scorecard, and Spectra Assure data to link package artifacts to known CVEs, supply chain weaknesses, and third-party security assessments.
  • Use Case: A red teamer evaluating a suspicious downloaded Python package can use this Skill to automatically extract all files, scan for base64-encoded payloads and eval chains, pull associated OSV vulnerability records, and hand off any native binaries to specialized reversing tools for deeper analysis.

Quick Start

Use the enrichment-playbook skill to deep scan the downloaded package file 'third-party-lib-v2.1.0.zip' and generate a summary of all identified risks, vulnerability matches, and files that require further reversing analysis.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: enrichment-playbook
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#enrichment-playbook

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.