# Security Investigator — Copilot Security Investigation Kit

> Security Investigator is an investigation system combining Copilot/Agent Skills with security tooling to triage suspicious changes and threats faster.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

## Quick Use

1. Install / run:

   ```bash
   git clone https://github.com/SCStelz/security-investigator.git && cd security-investigator && python -m venv .venv && . .venv/bin/activate
   ```

2. Start / smoke test:

   ```bash
   pip install -r requirements.txt
   ```

3. Verify:

   - Follow the README TL;DR setup and run one investigation prompt in Copilot Agent mode; confirm it produces a structured investigation output without exposing secrets.

## Intro

Security Investigator is an investigation system combining Copilot/Agent Skills with security tooling to triage suspicious changes and threats faster.

- **Best for:** Security teams prototyping Copilot-assisted investigations with a repeatable repo workflow
- **Works with:** Python environment + VS Code + external security services; includes templates for MCP and config files
- **Setup time:** 35 minutes

## Practical Notes

- Setup time ~35 minutes (clone + venv + requirements + config templates)
- README highlights 25 specialized Agent Skills as building blocks for investigations
- GitHub stars + forks (verified): see Source & Thanks

For teams adopting this repo, treat it like a playbook:

- Start with one investigation workflow (e.g., secrets triage) and harden it.
- Lock down tokens/credentials and avoid storing them in repo files.
- Add an audit trail: record what prompts ran, what tools were called, and what evidence was collected.

Because investigation systems can touch sensitive data, run a dry “safe mode” first: use dummy credentials and verify the workflow never calls destructive actions by default.
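The audit-trail and safe-mode advice above can be enforced at one choke point. The following is an added example, not code from the security-investigator repo: a small tool-call gateway that records prompts, tool calls and evidence, redacts secret-shaped values before they reach the trail, and refuses tools tagged as destructive while safe mode is on. The tool names, the secret patterns and the dummy token are all constructed for the demo.

```python
import json
import re
from dataclasses import dataclass, field

# Constructed example, not code from the security-investigator repo: a tool-call
# gateway that keeps an audit trail (prompt, tool calls, evidence), redacts
# secret-looking values before recording them, and blocks destructive tools in safe mode.
SECRET_PATTERNS = [
    (re.compile(r"ghp_[A-Za-z0-9]{20,}"), "[REDACTED]"),                   # PAT-shaped token
    (re.compile(r'(?i)\b(api[_-]?key|token)=[^\s&"]+'), r"\1=[REDACTED]"),  # key=value secrets
]

def redact(text: str) -> str:
    """Replace secret-looking substrings before anything is written to the trail."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text

@dataclass
class AuditTrail:
    entries: list = field(default_factory=list)
    def record(self, kind: str, **fields) -> None:
        self.entries.append({"kind": kind, **{k: redact(str(v)) for k, v in fields.items()}})

class ToolGateway:
    """Every tool call passes through here, so it is logged and policy-checked."""
    DESTRUCTIVE = {"revoke_token", "delete_branch", "force_push"}  # hypothetical tool names
    def __init__(self, tools: dict, audit: AuditTrail, safe_mode: bool = True):
        self.tools, self.audit, self.safe_mode = tools, audit, safe_mode
    def call(self, name: str, **args):
        if self.safe_mode and name in self.DESTRUCTIVE:
            self.audit.record("blocked", tool=name, args=json.dumps(args))
            raise PermissionError(f"{name} is destructive and safe mode is on")
        self.audit.record("tool_call", tool=name, args=json.dumps(args))
        result = self.tools[name](**args)
        self.audit.record("evidence", tool=name, result=json.dumps(result))
        return result

def run_demo() -> AuditTrail:
    """Secrets-triage dry run with constructed evidence and a dummy token."""
    hits = [{"commit": "abc123", "line": "token=ghp_ExampleDummyToken0123456789"}]
    tools = {"search_commits": lambda query: hits, "revoke_token": lambda token: {"revoked": token}}
    audit = AuditTrail()
    gw = ToolGateway(tools, audit, safe_mode=True)
    audit.record("prompt", text="triage possible GitHub token leak in recent commits")
    gw.call("search_commits", query="ghp_")
    try:
        gw.call("revoke_token", token="ghp_ExampleDummyToken0123456789")
    except PermissionError:
        pass  # expected in safe mode; the attempt itself is recorded as "blocked"
    return audit
```

Reviewing `run_demo().entries` is the "verify the workflow never calls destructive actions" step: the revoke attempt appears only as a `blocked` entry, and the dummy token never appears in clear.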
### FAQ

**Q: Is this only for Copilot?**

A: The project is designed around Copilot/Agent Skills, but the workflows and prompts can inspire similar setups in other agent environments.

**Q: How do I avoid leaking secrets?**

A: Keep tokens in env/secret stores, sanitize logs, and review generated artifacts before sharing.

**Q: What is a safe first milestone?**

A: One end-to-end workflow that produces repeatable output with dummy credentials and no destructive calls.

## Source & Thanks

> Source: https://github.com/SCStelz/security-investigator
> License: MIT
> GitHub stars: 198 · forks: 51

---

Source: https://tokrepo.com/en/workflows/security-investigator-copilot-security-investigation-kit
Author: Script Depot