TL;DR: Five Claude Code skills that every security engineer should install: humanizer cleans AI tells from reports, obsidian-wiki turns investigation notes into a searchable knowledge base, graphify builds a queryable map of any codebase, skill-creator encodes internal processes into repeatable commands, and find-skills surfaces community tools.

These five skills cover the full security engineer cycle: write cleaner reports, build a searchable knowledge base, understand unfamiliar codebases, encode your own processes into repeatable commands, and discover what the community has already shipped.

1. humanizer - Stop Sounding Like an LLM

Source: github.com/blader/humanizer

AI-generated security writing is verbose and abstract. Hedge words, hollow formal language, stilted rhythm. Instead of "we blocked port 22" you get "our security posture was reinforced through strategic access control measures."

humanizer strips that out. It applies 29 detection rules from Wikipedia's WikiProject AI Cleanup guide. The feature that matters: voice calibration. Feed it 2-3 paragraphs of your own writing, then paste the AI draft. Output matches your sentence length, vocabulary, formality. Sounds like you wrote it.

Use it. Draft an incident brief with Claude Code. It opens with generic threat boilerplate and hedges constantly. Run /humanizer with a voice sample from your last report. The opener becomes: "A phishing campaign bypassed MFA on Tuesday. Here is what happened." No hedging. Reads like a senior analyst wrote it.

Install it:

git clone https://github.com/blader/humanizer.git ~/.claude/skills/humanizer/

Then /humanizer [paste text] or /humanizer Here is a writing sample: [2-3 paragraphs] Now humanize this: [text].

2. obsidian-wiki - Searchable Knowledge Base

Source: github.com/Ar9av/obsidian-wiki

Security engineers accumulate context across tools: Terraform plans, incident timelines, CVE research, pentest findings, Slack threads.

This skill ingests any source, documents, PDFs, transcripts, agent histories, ChatGPT exports, meeting recordings, and distills them into an interconnected Obsidian vault. Every page gets wikilinks connecting related topics.

The result is queryable. New CVE drops, ask "has this attack vector been seen before?" The wiki returns what you learned last time.

Use it. Three-week crypto-mining investigation across AWS and GCP. CloudTrail snippets, malware notes, Slack threads. Run /wiki-ingest on the folder. The skill distills everything into wiki pages: "crypto-mining" links to "exposed S3 bucket" links to "compromised IAM key" links to "detection rule." A month later, a new variant hits. One query brings back everything.

Install it:

npx skills add ar9av/obsidian-wiki

Run /wiki-setup to initialize the vault. Then /wiki-ingest to distill documents.

How to Build a Security Engineer Second Brain with Karpathy's LLM Wiki Pattern

Build a security knowledge base with AI. Store pentest reports, incident logs, and findings for instant access during debugging and incident response. Never lose research again.

SecEngAI.com - Applied AI For Security Engineering • Muh. Fani "Rama" Akbar

3. graphify - Understand Any Codebase

Source: github.com/safishamsi/graphify

graphify is a multi-modal knowledge graph builder. It turns entire repositories, source code in all major languages (via Tree-sitter), SQL schemas, documentation, PDFs, images, diagrams, into an interactive, queryable knowledge graph. It exports three formats: graph.html for visual exploration in the browser, graph.json for machine queries, and GRAPH_REPORT.md for a human-readable summary.

Claude Code auto-discovers /graphify commands after installation. Key ones: /graphify query "find all paths from user input to database", /graphify path "auth" "payments" for the shortest call chain, and /graphify explain "function_name" for a focused analysis of a single component.

Picture this. You are reviewing a microservice you have never seen. Go API servers, a PostgreSQL schema, Terraform modules. Instead of reading 50 files manually, run graphify extract .. You get an interactive graph of the entire system. Run /graphify query "find all paths from user input to database". The graph finds a path where admin routes connect to the database without passing through validation middleware. The graph surfaces the bypass route immediately, no manual file-by-file tracing needed.

Install it:

pip install graphifyy
graphify extract .     # build graph for current repo

4. skill-creator - Create reusable task

Source: Built into Claude Code (github.com/anthropics/skills/tree/main/skills/skill-creator)

skill-creator is a meta-skill for building, testing, and improving Claude Code skills. It has four modes: Create (generate a skill from a natural language description), Eval (test it against cases you define), Improve (iterate based on eval results), and Benchmark (compare versions against each other).

The process is fast. Describe a 15-step process in plain English, get a structured SKILL.md with YAML frontmatter, run eval tests against real scenarios, iterate. The whole loop takes 15-30 minutes for a single-pass process.

Say you have this problem. Your team has a 15-step vulnerability triage process: validate the submission, reproduce the finding, score with CVSS, check exploitability, correlate with existing bugs, draft an advisory, coordinate disclosure. It lives in a Notion doc that everyone interprets differently. You open Claude Code and describe the process. You get a SKILL.md. You run an eval with test cases, does it handle a false positive correctly? Does it skip CVSS scoring for findings without a clear impact? Two iterations later, /triage-vulnerability executes your exact process every time. Every team member runs the same routine.

Use it by prompting directly: "Create a skill using skill-creator" then describe the process. Or "Review this skill and suggest improvements."

5. find-skills, Discover the Community Ecosystem

Source: github.com/vercel-labs/skills/blob/main/skills/find-skills/SKILL.md

find-skills is the gateway to the open Agent Skills ecosystem, powered by skills.sh and the npx skills CLI (maintained by Vercel Labs). It fuzzy-searches thousands of community skills, installs them across multiple agent types (Claude Code, Cursor, Codex), and manages updates.

The interface is three commands. npx skills find <query> searches the directory. npx skills add owner/repo installs skills from a repository. npx skills list shows what is installed. That is the entire tool.

What makes find-skills useful for security engineers is the discovery aspect alone. A skill one team wrote for their incident response process might fit another team perfectly, but there's no central bulletin board. The search interface collapses that discovery into a query.

Real example. You are starting a new security engineering project and want to see what Claude Code skills exist. You run npx skills find security. It returns 20-plus skills covering threat modeling, code review, and vulnerability checking. You install the relevant ones with npx skills add author/repo --skill skill-name -a claude-code. What used to take 30 minutes of GitHub searching takes one command.

How to Install Security Skills in Claude Code Using skills.sh

Automate security workflows in Claude Code with skills.sh. Install pentesting, code audit, and vulnerability scanning skills in 30 seconds. Skip repetitive setup.

SecEngAI.com - Applied AI For Security Engineering • Muh. Fani "Rama" Akbar

The Stack, How These Five Skills Fit Together

The loop:

  1. find-skills discovers what exists. Run a search, find something relevant, install it.

  2. graphify gives architecture context for any codebase you land in. Run it first when you encounter an unfamiliar repository.

  3. obsidian-wiki ingests everything you learn during investigations. Notes, evidence, timelines, detection rules, all distilled into a queryable vault.

  4. humanizer finishes every piece of writing that leaves your terminal. Incident reports, blog posts, client deliverables. One command, no editing pass required.

  5. skill-creator encodes any process you repeat more than twice into a reusable skill. The more you use it, the less muscle memory you need.

The loop matters more than any single skill. The more you use them, the more context accumulates, the faster future investigations go. A new project starts with npx skills find and graphify extract, builds on everything previously ingested, produces output polished by humanizer, and feeds back into the vault.

Getting Started

Install the skills:

# humanizer
git clone https://github.com/blader/humanizer.git ~/.claude/skills/humanizer/

# obsidian-wiki
npx skills add ar9av/obsidian-wiki

# graphify
pip install graphifyy && graphify install

# skill-creator (built into Claude Code, no install needed)

# find-skills (built into npx skills CLI, no install needed)

Test them one at a time:

  • Run /humanizer on a draft you're not happy with.

  • Run /wiki-ingest on a project folder with notes, logs, and research.

  • Run graphify extract on a repository you need to understand.

  • Use skill-creator to encode your most repetitive review process.

  • Run npx skills find with a query related to your next project.

Build from there. Start with one skill. Add more as you need them. The point isn't to install all five at once. It's to notice a recurring slowdown and have a tool that removes it.

Further Reading

Skills & Agents:

Skill Ecosystem:

Config Management:

Ready to apply AI to your Security Engineering?

Subscribe to Secengai Newsletter for weekly actionable content on AI for security engineers.

This content reflects personal views, experiments, and use cases in AI and security engineering. It does not represent any employer's positions, policies, or practices.

Keep Reading

© 2026 SecEngAI.com - Applied AI For Security Engineering.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv