Skills · May 11, 2026 · 2 min read

Security Investigator — Copilot Security Investigation Kit

Security Investigator is an investigation system combining Copilot/Agent Skills with security tooling to triage suspicious changes and threats faster.

  • Score: Native · 98/100
  • Policy: allow
  • Agent surface: Any MCP/CLI agent
  • Kind: Skill
  • Install: Single
  • Trust: Established
  • Entrypoint: Asset
Universal CLI install command
npx tokrepo install 1368ef7b-1ee3-42e8-86fb-c31edbb9d7b4
Intro

  • Best for: Security teams prototyping Copilot-assisted investigations with a repeatable repo workflow
  • Works with: Python environment + VS Code + external security services; includes templates for MCP and config files
  • Setup time: 35 minutes

Practical Notes

  • Setup time ~35 minutes (clone + venv + requirements + config templates)
  • README highlights 25 specialized Agent Skills as building blocks for investigations
  • GitHub stars + forks (verified): see Source & Thanks

For teams adopting this repo, treat it like a playbook:

  • Start with one investigation workflow (e.g., secrets triage) and harden it.
  • Lock down tokens/credentials and avoid storing them in repo files.
  • Add an audit trail: record what prompts ran, what tools were called, and what evidence was collected.

Because investigation systems touch sensitive data (code under review, credentials, collected evidence), run a dry “safe mode” pass first: use dummy credentials and confirm that no step performs a destructive action unless it is explicitly enabled.

FAQ

Q: Is this only for Copilot? A: The project is designed around Copilot/Agent Skills, but the workflows and prompts can inspire similar setups in other agent environments.

Q: How do I avoid leaking secrets? A: Keep tokens in environment variables or a secret store, never in repo files; redact them from logs and the audit trail; and review generated artifacts (reports, transcripts, saved tool output) before sharing them.

Q: What is a safe first milestone? A: One end-to-end workflow that produces repeatable output with dummy credentials and no destructive calls.
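The audit trail, the safe-mode gate and the log sanitisation recommended in the playbook and FAQ above, as one added example. This is not code from the security-investigator repo: the tool names (`grep_secrets`, `rotate_key`), the credential regexes, and the sample diff are all constructed for illustration, and the patterns are deliberately simple stand-ins rather than a complete secret scanner.

```python
"""Audit-logged, safe-mode tool dispatcher for an agent-driven investigation.

Added example: tool names, secret patterns and the sample diff are constructed
for illustration and are not taken from the security-investigator repo.
"""
import hashlib
import json
import re
import time
from typing import Any, Callable

# Tools that change state. Safe mode blocks them; the denial is still recorded.
DESTRUCTIVE_TOOLS = {"rotate_key", "delete_branch", "force_push", "revoke_token"}

# Credential-shaped patterns (assumed shapes, kept deliberately simple).
SECRET_PATTERNS = [
    re.compile(r"gh[pousr]_[A-Za-z0-9]{20,}"),        # GitHub-style tokens
    re.compile(r"AKIA[0-9A-Z]{16}"),                   # AWS access key IDs
    re.compile(r"(?i)bearer\s+[A-Za-z0-9._\-]{20,}"),  # Authorization: Bearer ...
]


def redact(text: str) -> str:
    """Replace credential-shaped substrings with a short SHA-256 fingerprint.

    The fingerprint lets an analyst correlate the same secret across entries
    without the trail itself becoming a place where the secret is stored.
    """
    def fingerprint(m: re.Match) -> str:
        return "[REDACTED:" + hashlib.sha256(m.group(0).encode()).hexdigest()[:8] + "]"
    for pat in SECRET_PATTERNS:
        text = pat.sub(fingerprint, text)
    return text


class AuditedDispatcher:
    """Routes every tool call through one chokepoint that logs and gates it."""

    def __init__(self, tools: dict[str, Callable[..., Any]], safe_mode: bool = True) -> None:
        self.tools = tools
        self.safe_mode = safe_mode
        self.trail: list[dict[str, Any]] = []

    def _log(self, kind: str, **fields: Any) -> None:
        entry: dict[str, Any] = {"ts": time.time(), "kind": kind}
        for key, value in fields.items():
            # Round-trip through JSON so nested args and results are redacted too.
            entry[key] = json.loads(redact(json.dumps(value, default=str)))
        self.trail.append(entry)

    def call(self, tool: str, **kwargs: Any) -> Any:
        if tool not in self.tools:
            self._log("tool_denied", tool=tool, args=kwargs, reason="unknown tool")
            raise KeyError(tool)
        if self.safe_mode and tool in DESTRUCTIVE_TOOLS:
            self._log("tool_denied", tool=tool, args=kwargs, reason="destructive tool blocked in safe mode")
            raise PermissionError(f"{tool} is blocked in safe mode")
        self._log("tool_call", tool=tool, args=kwargs)
        result = self.tools[tool](**kwargs)
        self._log("tool_result", tool=tool, result=result)
        return result

    def run_prompt(self, prompt: str, handler: Callable[["AuditedDispatcher", str], Any]) -> Any:
        """Record the prompt, then let the handler (the agent's logic) drive tool calls."""
        self._log("prompt", text=prompt)
        return handler(self, prompt)

    def export_jsonl(self) -> str:
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.trail)


# Constructed sample: a pushed diff containing two fake credentials.
SAMPLE_DIFF = """\
+++ b/deploy/config.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyzAB"
+REGION = "us-east-1"
"""


def grep_secrets(diff: str) -> list[str]:
    """Read-only tool: return the credential-shaped strings found in a diff."""
    return sorted({m for pat in SECRET_PATTERNS for m in pat.findall(diff)})


def rotate_key(key_id: str) -> str:
    """Destructive tool (stand-in): would rotate the credential at the provider."""
    return f"rotated {key_id}"


def run_secrets_triage(safe_mode: bool = True) -> AuditedDispatcher:
    """One end-to-end secrets-triage workflow: find leaked keys, try to rotate them."""
    dispatcher = AuditedDispatcher({"grep_secrets": grep_secrets, "rotate_key": rotate_key}, safe_mode)

    def triage(d: AuditedDispatcher, prompt: str) -> list[str]:
        findings = d.call("grep_secrets", diff=SAMPLE_DIFF)
        for secret in findings:
            try:
                d.call("rotate_key", key_id=secret)
            except PermissionError:
                pass  # the denial is already in the trail; the analyst decides next
        return findings

    dispatcher.run_prompt("Triage the pushed diff for leaked credentials", triage)
    return dispatcher


if __name__ == "__main__":
    print(run_secrets_triage(safe_mode=True).export_jsonl())
```

Run it once with `safe_mode=True` as the first milestone: the trail shows the prompt, the read-only `grep_secrets` call and its result, and two recorded denials for `rotate_key`, with every credential replaced by a fingerprint even though the raw tool result did contain the secrets. Flipping `safe_mode` to `False` is the explicit opt-in that lets the destructive tool run, and it still goes through the same logging chokepoint.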

Source & Thanks

Source: https://github.com/SCStelz/security-investigator · License: MIT · GitHub stars: 198 · forks: 51
