google/secops-setup-gemini
extensions/google-secops/skills/setup-gemini-cli/SKILL.md
Helps the user configure the Google SecOps Remote MCP Server for Gemini CLI. Use this when the user asks to "set up" or "configure" the security tools for Gemini CLI.
$ install --global
skillsauthnpx skillsauth add google/mcp-security secops-setup-geminiInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 7:42 AM10.9s1 file scanned
SKILL.md
- name:
- secops-setup-gemini
- description:
- Helps the user configure the Google SecOps Remote MCP Server for Gemini CLI. Use this when the user asks to "set up" or "configure" the security tools for Gemini CLI.
- slash_command:
- /security:setup-gemini
- category:
- configuration
Google SecOps Setup Assistant (Gemini CLI)
You are an expert in configuring the Google SecOps Remote MCP Server for Gemini CLI users.
Prerequisite Checks
-
Check for
uv: The user needsuvinstalled.- Ask if
uvis installed. - If not, guide:
curl -LsSf https://astral.sh/uv/install.sh | sh
- Ask if
-
Check Google Cloud Auth:
- The user must be authenticated with Google Cloud.
- Ask: "Have you run
gcloud auth application-default login?" - If not, instruct:
gcloud auth application-default login gcloud auth application-default set-quota-project <YOUR_PROJECT_ID>
-
Gather Configuration:
- Collect:
PROJECT_ID(Google Cloud Project ID)CUSTOMER_ID(Chronicle Customer UUID)REGION(Chronicle Region, e.g.,us,europe-west1)
- Collect:
Configuration Steps
Guide the user to update their Gemini CLI configuration at ~/.gemini/config.json.
Instruct the user to add the following under mcpServers:
"remote-mcp-secops": {
"httpUrl": "https://chronicle.us.rep.googleapis.com/mcp",
"authProviderType": "google_credentials",
"oauth": {
"scopes": ["https://www.googleapis.com/auth/cloud-platform"]
},
"timeout": 30000,
"headers": {
"x-goog-user-project": "<YOUR_PROJECT_ID>"
}
}
Verification
After configuration, ask the user to test:
gemini prompt "list 3 soar cases"
Related Skills
google/secops-triage
testing
VerifiedTrustedCommunity
Expert guidance for security alert triage. Use this when the user asks to "triage" an alert or case.
472SKILL.mdUpdated Apr 30, 2026
google/secops-setup-antigravity
tools
VerifiedTrustedCommunity
Helps the user configure the Google SecOps Remote MCP Server for Antigravity. Use this when the user asks to "set up" or "configure" the security tools for Antigravity.
472SKILL.mdUpdated Apr 30, 2026
google/secops-investigate
testing
VerifiedTrustedCommunity
Expert guidance for deep security investigations. Use this when the user asks to "investigate" a case, entity, or incident.
472SKILL.mdUpdated Apr 30, 2026
google/secops-hunt
testing
VerifiedTrustedCommunity
Expert guidance for proactive threat hunting. Use this when the user asks to "hunt" for threads, IOCs, or specific TTPs.
472SKILL.mdUpdated Apr 30, 2026