About
The `secops-triage` skill provides expert, structured guidance for triaging security alerts, strictly following a defined Alert Triage Protocol. It intelligently adapts its workflow by first checking for available tools (Remote or Local) and mapping to the correct ones for capabilities like searching events or listing cases. Developers should use this skill when a user explicitly asks to "triage" an alert or security case.
Quick Install
Claude Code
Recommendednpx skills add google/mcp-security -a claude-code/plugin add https://github.com/google/mcp-securitygit clone https://github.com/google/mcp-security.git ~/.claude/skills/secops-triageCopy and paste this command in Claude Code to install this skill
GitHub Repository
Frequently asked questions
What is the secops-triage skill?
secops-triage is a Claude Skill by google. Skills package instructions and resources that Claude loads on demand, so Claude can perform secops-triage-related tasks without extra prompting.
How do I install secops-triage?
Use the install commands on this page: add secops-triage to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does secops-triage belong to?
secops-triage is in the security_operations category, tagged design.
Is secops-triage free to use?
Yes. secops-triage is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
Related Skills
The `secops-hunt` skill provides expert, proactive threat hunting guidance, specifically when users need to search for threats, IOCs, or TTPs. It intelligently adapts its workflow by first checking for available remote or local security tools and mapping the correct one for each task. Its core capability is translating user queries into actionable searches to identify undetected threats in the environment.
This skill provides expert guidance for deep security investigations when users ask to examine a case, entity, or incident. It functions as a Tier 2/3 SOC Analyst, offering a structured workflow that adapts to available tools (Remote or Local) using a defined tool mapping. Its key capability is to thoroughly investigate security events by checking tool availability and executing appropriate search and analysis actions.
This skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.
This skill enables developers to build applications with the Polymarket prediction markets platform, including API integration for trading and market data. It also provides real-time data streaming via WebSocket to monitor live trades and market activity. Use it for implementing trading strategies or creating tools that process live market updates.
