Secbot system-commands

Install

Source · clone the upstream repo:
    git clone https://github.com/iammm0/secbot

Claude Code · install into ~/.claude/skills/:
    T=$(mktemp -d) && git clone --depth=1 https://github.com/iammm0/secbot "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/base/system-commands" ~/.claude/skills/iammm0-secbot-system-commands && rm -rf "$T"

Manifest: skills/base/system-commands/SKILL.md

Source content

System Commands Reference

Overview

This skill provides comprehensive system-level commands for security assessment and enumeration.

File Operations

List Files

{
    "action": "list_files",
    "path": "C:\\",
    "recursive": false
}

Read File

{
    "action": "read_file",
    "file_path": "C:\\path\\to\\file.txt",
    "encoding": "utf-8"
}

Write File

{
    "action": "write_file",
    "file_path": "C:\\output\\result.txt",
    "content": "file content here"
}

File Info

{
    "action": "get_file_info",
    "file_path": "C:\\Windows\\System32\\notepad.exe"
}

Directory Operations

[
    { "action": "create_directory", "dir_path": "C:\\temp\\new_folder" },
    { "action": "delete_file", "file_path": "C:\\temp\\file.txt" },
    { "action": "delete_directory", "dir_path": "C:\\temp\\folder" },
    { "action": "copy_file", "src": "C:\\source\\file.txt", "dst": "C:\\dest\\file.txt" },
    { "action": "move_file", "src": "C:\\source\\file.txt", "dst": "C:\\dest\\file.txt" }
]

Process Operations

List Processes

{
    "action": "list_processes",
    "filter_name": "svchost"
}

Returns:

  • PID, name, CPU%, memory%, status

Get Process Info

{
    "action": "get_process_info",
    "pid": 1234
}

Kill Process

{
    "action": "kill_process",
    "pid": 1234
}

Common Process Enumeration (Security)

Task                      | Command                               | Use Case
--------------------------|---------------------------------------|-------------------------
Find suspicious processes | tasklist /v (Win) / ps aux (Lin)      | Malware detection
Process with network      | netstat -ano + tasklist               | Find process using port
Hidden processes          | wmic process (Win)                    | Rootkit detection
Service processes         | sc query (Win) / systemctl list (Lin) | Persistence check
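The "netstat -ano + tasklist" row above pairs the two commands so that a listening or connected port can be tied to the image that owns it. The block below is an added example, not code from the secbot project: it does that join over the plain text the two commands return (as it would come back from the execute_command action), and reports sockets whose PID has no matching tasklist row, which is the case worth a second look. Both command outputs are constructed samples that follow the real tools' column layout.

```python
"""Correlate `netstat -ano` with `tasklist` output to name the process behind a port.

Added example (not secbot's own code). Both text samples are constructed.
"""
import re
from typing import Dict, List, Optional

# Constructed sample of `netstat -ano` output (same column layout as the real tool;
# UDP rows have no State column).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:3389              [::]:0                 LISTENING       1340
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     4520
  UDP    0.0.0.0:5353           *:*                                    2212
"""

# Constructed sample of default `tasklist` output. PID 2212 is deliberately absent
# so the "socket with no owning image" path is exercised.
SAMPLE_TASKLIST = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Services                   0        148 K
svchost.exe                    912 Services                   0     12,340 K
svchost.exe                   1340 Services                   0      9,812 K
chrome.exe                    4520 Console                    1    210,044 K
"""

# image name (may contain spaces), PID, session name, session#, "12,340 K"
TASKLIST_RE = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name; header and separator lines do not match the pattern."""
    procs: Dict[int, str] = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            procs[int(m.group("pid"))] = m.group("image").strip()
    return procs


def parse_netstat(text: str) -> List[dict]:
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        proto, local, foreign = parts[0], parts[1], parts[2]
        pid = int(parts[-1])
        state = parts[3] if len(parts) == 5 else ""   # UDP rows carry no State
        port = int(local.rsplit(":", 1)[1])           # works for [::]:3389 as well
        sockets.append({"proto": proto, "local": local, "port": port,
                        "foreign": foreign, "state": state, "pid": pid})
    return sockets


def correlate(netstat_text: str, tasklist_text: str) -> List[dict]:
    """Join sockets to image names; unmatched PIDs are labelled rather than dropped."""
    procs = parse_tasklist(tasklist_text)
    return [{**s, "image": procs.get(s["pid"], "<not in tasklist>")}
            for s in parse_netstat(netstat_text)]


def process_for_port(port: int, netstat_text: str = SAMPLE_NETSTAT,
                     tasklist_text: str = SAMPLE_TASKLIST, proto: str = "TCP") -> Optional[str]:
    """Image name owning the local port, or None if nothing is bound there."""
    for row in correlate(netstat_text, tasklist_text):
        if row["port"] == port and row["proto"] == proto:
            return row["image"]
    return None


if __name__ == "__main__":
    for row in correlate(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f'{row["proto"]:<4} {row["local"]:<24} {row["state"]:<12} {row["pid"]:>6}  {row["image"]}')
```

On a live host the two strings would be the result fields of two execute_command envelopes; the parsers only depend on the column order, so IPv6 addresses and multi-word image names are handled without extra cases.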

System Information

Get CPU Info

{
    "action": "get_cpu_info"
}

Get Memory Info

{
    "action": "get_memory_info"
}

Get Disk Info

{
    "action": "get_disk_info"
}

Get Network Info

{
    "action": "get_network_info"
}

Security Assessment Use Cases

1. System Reconnaissance

[
    { "action": "get_system_info" },
    { "action": "list_files", "path": "C:\\Users", "recursive": true },
    { "action": "list_processes" }
]

2. Malware Analysis

[
    { "action": "get_process_info", "pid": 1234 },
    { "action": "list_processes", "filter_name": "svchost" },
    { "action": "list_files", "path": "C:\\Windows\\System32", "recursive": false }
]

3. Privilege Escalation Check

[
    { "action": "execute_command", "command": "whoami /all" },
    { "action": "execute_command", "command": "id" },
    { "action": "execute_command", "command": "net user admin" }
]

4. Persistence Detection

[
    {
        "action": "list_files",
        "path": "C:\\Users\\%USERNAME%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
    },
    {
        "action": "execute_command",
        "command": "reg query HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
    },
    {
        "action": "execute_command",
        "command": "cat /etc/crontab"
    }
]
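The reg query step in the persistence batch above returns the Run key as plain text, and the useful follow-up is deciding which entries deserve a look. The block below is an added example, not secbot code: it parses reg query's "name type data" rows, pulls out the executable each value launches, and flags those that start from user-writable locations such as AppData or a Temp directory, since a machine-wide autostart normally does not live there. The marker list and the sample key dump are constructed for the example.

```python
"""Triage the text returned for `reg query HKLM\\...\\CurrentVersion\\Run`.

Added example (not secbot's own code). The sample output is constructed; the
list of user-writable path markers is an assumption, not a secbot setting.
"""
import re
from typing import Dict, List

# Constructed sample in reg query's layout: a key header line, then rows
# indented by four spaces with "name    type    data" separated by 4 spaces.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    Updater    REG_SZ    "C:\Users\alice\AppData\Roaming\Updater\updater.exe" --silent
    helper    REG_SZ    C:\Windows\Temp\helper.exe
"""

# Assumed heuristic: fragments of paths an unprivileged account can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                         "%temp%", "%appdata%", "%localappdata%")

# Value rows: leading indent, name (may contain single spaces), REG_* type, data.
ROW_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")


def parse_run_key(text: str) -> List[Dict[str, str]]:
    """One dict per value under the key; the key header line is skipped."""
    return [m.groupdict() for m in (ROW_RE.match(l) for l in text.splitlines()) if m]


def executable_path(data: str) -> str:
    """Extract the launched executable from a value's command line.

    Quoted paths may contain spaces, so take the quoted span; otherwise the
    first whitespace-separated token is the program.
    """
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split()[0] if data else ""


def triage_run_key(text: str) -> List[Dict[str, str]]:
    """Return the entries whose executable lives under a user-writable location."""
    findings = []
    for row in parse_run_key(text):
        exe = executable_path(row["data"])
        if any(marker in exe.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append({"name": row["name"], "type": row["type"], "exe": exe})
    return findings


if __name__ == "__main__":
    for hit in triage_run_key(SAMPLE_REG_OUTPUT):
        print(f'review: {hit["name"]!r} starts {hit["exe"]}')
```

A hit is a prompt to verify the binary (publisher, hash, install date), not a verdict: legitimate per-user installers do place autostarts under AppData, which is exactly why the list is short and the output is labelled "review".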

5. Credential Hunting

[
    { "action": "execute_command", "command": "reg save HKLM\\SAM C:\\temp\\sam" },
    { "action": "execute_command", "command": "cat /etc/passwd" },
    { "action": "execute_command", "command": "cat /etc/shadow" },
    {
        "action": "list_files",
        "path": "C:\\Users\\%USERNAME%\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
    }
]

Environment Variables

Get Environment Variable

{
    "action": "get_env",
    "key": "PATH"
}

Set Environment Variable

{
    "action": "set_env",
    "key": "MY_VAR",
    "value": "test_value"
}

List All Variables

{
    "action": "list_env"
}

Path Operations

Get Current Directory

{
    "action": "get_current_directory"
}

Change Directory

{
    "action": "change_directory",
    "path": "C:\\temp"
}

Check Path Exists

{
    "action": "path_exists",
    "path": "C:\\Windows"
}

Output Format

All operations return:

{
    "success": true,
    "result": "<operation result>",
    "error": "error message if failed"
}

Best Practices

  1. Permissions
     • Some operations require elevated privileges
     • Check return values for permission errors
  2. Performance
     • Use "recursive": false for large directories
     • Consider a timeout for network operations
  3. Security
     • Be careful with file write operations
     • Avoid overwriting critical system files
  4. Logging
     • All operations are logged for audit
     • Sensitive operations may require confirmation
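The output envelope and the best practices above describe a contract rather than show it in action. The block below is an added example, not the secbot project's own dispatcher: it accepts the same JSON action objects this reference documents, runs a small local subset of them, and returns every outcome in the {"success", "result", "error"} envelope. Two details are assumptions layered on to illustrate the practices: actions listed in SENSITIVE_ACTIONS are refused unless the caller passes confirmed=True, and every request is appended to an in-memory AUDIT_LOG. Permission errors come back as envelopes instead of exceptions, which is what "check return values for permission errors" relies on.

```python
"""Minimal local dispatcher for the action/envelope schema documented above.

Added example (not secbot's own code). SENSITIVE_ACTIONS, the confirmed flag
and AUDIT_LOG are assumptions made to demonstrate the Best Practices section.
"""
import os
import tempfile
import time
from typing import Any, Callable, Dict, List

# Assumed policy: state-changing or code-running actions need explicit confirmation.
SENSITIVE_ACTIONS = {"write_file", "delete_file", "delete_directory", "move_file",
                     "copy_file", "kill_process", "execute_command", "set_env"}

AUDIT_LOG: List[Dict[str, Any]] = []   # in-memory stand-in for the audit log


def _list_files(req: Dict[str, Any]) -> List[str]:
    path = req["path"]
    if req.get("recursive", False):          # costly on large trees (Performance, item 2)
        found = []
        for root, _dirs, files in os.walk(path):
            found.extend(os.path.join(root, name) for name in files)
        return sorted(found)
    return sorted(os.listdir(path))


def _get_file_info(req: Dict[str, Any]) -> Dict[str, Any]:
    st = os.stat(req["file_path"])           # raises FileNotFoundError / PermissionError
    return {"size": st.st_size, "mtime": st.st_mtime, "is_dir": os.path.isdir(req["file_path"])}


def _path_exists(req: Dict[str, Any]) -> bool:
    return os.path.exists(req["path"])


def _get_env(req: Dict[str, Any]) -> Any:
    return os.environ.get(req["key"])


def _write_file(req: Dict[str, Any]) -> int:
    with open(req["file_path"], "w", encoding="utf-8") as fh:
        return fh.write(req["content"])      # characters written


# Only a read-only subset plus write_file is implemented here; anything else is
# reported as unsupported rather than silently ignored.
HANDLERS: Dict[str, Callable[[Dict[str, Any]], Any]] = {
    "list_files": _list_files, "get_file_info": _get_file_info,
    "path_exists": _path_exists, "get_env": _get_env, "write_file": _write_file,
}


def _envelope(success: bool, result: Any = None, error: Any = None) -> Dict[str, Any]:
    return {"success": success, "result": result, "error": error}


def dispatch(request: Dict[str, Any], confirmed: bool = False) -> Dict[str, Any]:
    """Run one action object and return the documented envelope."""
    action = request.get("action")
    AUDIT_LOG.append({"ts": time.time(), "action": action,       # Logging, item 4
                      "request": dict(request), "confirmed": confirmed})
    handler = HANDLERS.get(action)
    if handler is None:
        return _envelope(False, error=f"unknown or unsupported action: {action!r}")
    if action in SENSITIVE_ACTIONS and not confirmed:            # Security, item 3
        return _envelope(False, error=f"{action} is sensitive and requires confirmation")
    try:
        return _envelope(True, result=handler(request))
    except PermissionError as exc:                               # Permissions, item 1
        return _envelope(False, error=f"permission denied: {exc}")
    except (OSError, KeyError, TypeError) as exc:
        return _envelope(False, error=f"{type(exc).__name__}: {exc}")


def run_batch(requests: List[Dict[str, Any]], confirmed: bool = False) -> List[Dict[str, Any]]:
    """Run a list of action objects, as in the use-case batches above."""
    return [dispatch(r, confirmed) for r in requests]


def demo() -> List[Dict[str, Any]]:
    """Exercise the dispatcher against a scratch directory and return the envelopes."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "result.txt")
        out = run_batch([
            {"action": "write_file", "file_path": target, "content": "hello"},  # refused
            {"action": "path_exists", "path": target},                          # False
        ])
        out.append(dispatch({"action": "write_file", "file_path": target,
                             "content": "hello"}, confirmed=True))              # 5 chars
        out.append(dispatch({"action": "list_files", "path": root}))            # ["result.txt"]
        out.append(dispatch({"action": "get_file_info",
                             "file_path": os.path.join(root, "missing.txt")}))  # not found
        out.append(dispatch({"action": "kill_process", "pid": 1234}))           # unsupported
    return out


if __name__ == "__main__":
    for env in demo():
        print(env)
```

The envelope is deliberately the only thing a caller ever sees: a batch keeps going after one failed step, and the caller inspects each success flag and error string rather than catching exceptions, which matches how the use-case arrays above are meant to be consumed.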