
Interpret THOR scan results and explain what findings mean. Use when the user pastes THOR log lines, shares a log file, or asks how to triage Notices/Warnings/Alerts.
Write, package, and use THOR plugins to extend scanner functionality. THOR v11+ only.
Run THOR scans and propose the exact command line for Windows, Linux, or macOS. Use when the user wants to scan a host, a directory, a mounted image, or a memory dump with THOR v10/v11.

---
name: thor-skills
description: Entry point and router for THOR-related work: running scans, analyzing THOR logs, troubleshooting THOR behavior, maintaining THOR installs, THOR Lens workflows, writing THOR plugins (v11+), and creating custom signatures/IOCs.
---

# THOR Skills

This is the root skill. It routes requests to the right sub-skill and enforces a few global rules.

Global rules

- Don't invent THOR flags or behavior. If something is unclear, ask for the missing detail instead of gue

THOR Lens workflows for forensic timeline analysis. A web UI that imports THOR v11 audit trail JSONL logs for interactive exploration. Requires THOR v11 (audit trail not available in v10).

# THOR Lite Skill

THOR Lite is a free scanner with reduced features compared to full THOR. This skill handles Lite-specific guidance, limitations, and workarounds.

## When to Use This Skill

- User is running THOR Lite (binary name contains "lite")
- User asks why a feature is missing or disabled
- User expects "full THOR" behavior from Lite
- User wants lab-like scanning with Lite
- User asks about Lite vs full THOR differences

## How to Identify THOR Lite

Check for these indicators in scan

Create and deploy custom IOCs, YARA rules, Sigma rules, and STIX indicators for THOR scans.
Analyze THOR's SQLite database (thor10.db/thor11.db) for performance tuning, scan timing, resume state, and delta comparisons. Use when investigating slow scans, debugging performance, or understanding what THOR tracked.

---
name: thor-maintenance
description: Maintain THOR installs using thor-util: update signatures, upgrade versions, download offline packs, generate reports, manage YARA-Forge. Use when the user asks about updating/upgrading/report generation.
---

# THOR Maintenance Skill

Rules

- Be precise about thor-util verbs:
  - update = signatures
  - upgrade = program + signatures, keep config
  - download = full pack incl config (offline use case)
- Prefer stable signatures; mention sigdev only for urg

Troubleshoot THOR runs that are stuck, slow, failing to start, stopping early, or produce missing output. Use when the user reports freezes, long runtimes, high CPU pauses, scan aborts, or licensing/update issues.