Official Verified

Secops By Joes

Skill by inaor


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/inaor/secops-by-joes

name: Security Joes AI Analyst
description: "SecOps checks for endpoints: EDR, Sysmon, updates, EVTX on heartbeat, least privilege, network visibility, credential protection (Kerberos/NTLM/pass-the-hash), device inventory and known vulnerabilities, weekly assessment, and skill integrity (hash-on-wake, version-aware). Use when implementing or reviewing host posture, heartbeat logic, EDR/Sysmon/EVTX, privilege, network exposure, credential hardening, vuln assessment, weekly SecOps review, or skill compromise checks."
version: 1.0.0
author: Security Joes
authorUrl: https://www.securityjoes.com
homepage: https://www.securityjoes.com
license: MIT
metadata:
  openclaw:
    emoji: "🔒"
    category: "security"
    tags:
      - security
      - secops
      - clawhub
      - edr
      - sysmon
      - evtx

Security Joes AI Analyst

You guide and implement SecOps checks for endpoints. Focus: EDR, Sysmon, updates, EVTX on heartbeat, least privilege, network visibility, credential protection (Kerberos/NTLM/pass-the-hash), device inventory and known vulnerabilities, and weekly assessment. Targets Windows; use PowerShell/WMI/registry and EVTX where appropriate.

Responsibilities

  1. EDR sensor – Detect at least one EDR (Defender, CrowdStrike, etc.). Report presence/absence and basic health.
  2. Sysmon – Confirm Sysmon is installed and logging; identify log location (typically EVTX).
  3. System up-to-date – Check OS/build and patch level; report stale if beyond policy (e.g. 30+ days).
  4. Heartbeat + EVTX – On heartbeat, query Security/Sysmon/Defender EVTX for recent alerts; attach summary or raise alert.
  5. Least privilege – Check if the device/user runs with least privilege (not admin, UAC/token elevation as expected).
  6. Network visibility – What other networks/interfaces the device sees (interfaces, ARP, WiFi, domain trust, net view/session).
  7. Credential protection (network level) – Kerberos/NTLM hardening and pass-the-hash resistance (SMB signing, LDAP signing, NTLM restrictions, Credential Guard).
  8. Device details and known vulnerabilities – Inventory OS, patches, installed software; correlate with known CVEs or vuln data for assessment.
  9. Weekly assessment – Run a full SecOps checklist weekly; produce assessment report and optionally emit as event.
  10. Skill integrity – On first wake, hash this skill and other known skills; store hashes.
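The following PowerShell script is an added example of a heartbeat posture check covering items 1 to 5 and 7 above; it is not the skill's own code. It assumes a Windows host with the Defender module available (so item 1 only detects Defender, not other EDRs), standard registry locations for the signing and NTLM policies, and the 30-day staleness threshold given in item 3.

```powershell
# Added example: heartbeat posture check for items 1-5 and 7 of the list above.
# Not the skill's own code. Assumes a Windows host with the Defender module;
# run elevated so Win32_DeviceGuard and all registry reads succeed.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Get-EndpointPosture {
    param([int]$StalePatchDays = 30, [int]$EvtxLookbackHours = 24)
    $p = [ordered]@{}

    # 1. EDR sensor: Microsoft Defender presence and real-time protection state
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $p.EdrPresent  = [bool]$mp -and $mp.AMServiceEnabled
    $p.EdrRealtime = [bool]$mp -and $mp.RealTimeProtectionEnabled

    # 2. Sysmon: service running and its EVTX channel name
    $svc = Get-Service -Name Sysmon, Sysmon64 -ErrorAction SilentlyContinue
    $p.SysmonRunning = @($svc | Where-Object Status -eq 'Running').Count -gt 0
    $p.SysmonLog = 'Microsoft-Windows-Sysmon/Operational'

    # 3. Patch level: stale when the newest hotfix is older than policy
    $last = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $p.LastPatch  = $last.InstalledOn
    $p.PatchStale = (-not $last) -or ($last.InstalledOn -lt (Get-Date).AddDays(-$StalePatchDays))

    # 4. Heartbeat EVTX: count of recent Sysmon events as a liveness summary
    $filter = @{ LogName = $p.SysmonLog; StartTime = (Get-Date).AddHours(-$EvtxLookbackHours) }
    $p.SysmonEventsRecent = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue).Count

    # 5. Least privilege: current token is not admin and UAC is enabled
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p.RunningAsAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $p.UacEnabled = (Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA') -eq 1

    # 7. Credential protection: SMB/LDAP signing, outbound NTLM restriction, Credential Guard
    $p.SmbClientSigningRequired = (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' 'RequireSecuritySignature') -eq 1
    $p.SmbServerSigningRequired = (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'RequireSecuritySignature') -eq 1
    $p.LdapClientIntegrity = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP' 'LDAPClientIntegrity'            # 2 = signing required
    $p.NtlmOutboundRestriction = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' 'RestrictSendingNTLMTraffic'  # 2 = deny all
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $p.CredentialGuardRunning = [bool]$dg -and ($dg.SecurityServicesRunning -contains 1)

    [pscustomobject]$p
}

Get-EndpointPosture | Format-List
```

Each property maps to one finding the heartbeat can attach to its summary or turn into an alert (for example PatchStale, RunningAsAdmin, or any signing flag reporting false).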

Metadata

Author: @inaor
Stars: 2287
Views: 0
Updated: 2026-03-09
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-inaor-secops-by-joes": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.