trendmicro/vision-one-skills

Trend Micro Skills for Claude Code

Supercharge your security operations with AI. This repository contains official Trend Micro skills for Claude Code, bringing the power of Trend Vision One directly into your development workflow.

What Are Skills?

Skills extend Claude Code with specialized capabilities, domain expertise, and tool integrations. Instead of switching between your terminal and security dashboards, you can investigate alerts, assess vulnerabilities, and manage your security posture, all through natural language conversation.

Available Plugins

AI Guard

Protect your AI coding assistant from prompt injection attacks in real-time. AI Guard automatically scans files, web pages, and command outputs for malicious prompts designed to hijack Claude's behavior. Stop attackers from weaponizing your codebase before they even get started.

| Feature | Description |
| --- | --- |
| Prompt Injection Detection | Identifies attempts to override system instructions |
| Jailbreak Prevention | Blocks techniques trying to bypass safety measures |
| PostToolUse Hooks | Automatically scans Read, WebFetch, and Bash outputs |

Vision One API

50 tools across 8 specialized skills for comprehensive security operations. Turn natural language into powerful security queries—investigate alerts, assess your attack surface, and manage endpoints without switching between dashboards.

| Skill | Tools | Use Case |
| --- | --- | --- |
| vision-one-api:workbench-alerts | 3 | SOC alert investigation and triage |
| vision-one-api:cyber-risk-exposure | 15 | Attack surface and vulnerability analysis |
| vision-one-api:cloud-accounts | 6 | Multi-cloud account inventory |
| vision-one-api:email-security | 3 | Email infrastructure monitoring |
| vision-one-api:container-security | 5 | Kubernetes and ECS security |
| vision-one-api:endpoint-security | 6 | Endpoint and agent management |
| vision-one-api:cloud-posture | 6 | Cloud compliance and posture management |
| vision-one-api:iam-management | 6 | API keys and user accounts |

Knowledge Base

Instant access to cloud security expertise without leaving your terminal. Query Trend Micro's comprehensive knowledge base for security best practices, compliance rules, and remediation steps across AWS, Azure, GCP, Alibaba Cloud, and Oracle. Get expert guidance on misconfigurations in seconds.

| Feature | Description |
| --- | --- |
| Multi-Cloud Coverage | AWS, Azure, GCP, Alibaba Cloud, Oracle/OCI |
| Compliance Mapping | Rules mapped to CIS, SOC2, PCI-DSS, and more |
| Remediation Steps | Actionable fix instructions for every finding |

Quick Start

Prerequisites

  • Claude Code CLI installed
  • Docker (for running MCP servers)
  • Trend Vision One account with API access

Installation

  1. Add the Trend Micro marketplace to Claude Code

    /plugin marketplace add trendmicro/vision-one-skills
    
  2. Install the Vision One plugin

    /plugin
    

    Navigate to the Discover tab and install vision-one-api.

  3. Set your Vision One credentials

    export TREND_VISION_ONE_API_KEY="your-api-key"
    export TREND_VISION_ONE_REGION="us"  # au, jp, eu, sg, in, us, or mea
    export TREND_VISION_ONE_READONLY="true"

  4. Start using skills

    /vision-one-api:workbench-alerts
    "Show me critical alerts from the last 24 hours"
    

Example Workflows

Investigate a Security Incident

/vision-one-api:workbench-alerts
"I need to investigate alert ID ABC123. Show me the full details and any related alerts."

Assess Attack Surface Risk

/vision-one-api:cyber-risk-exposure
"What's our current attack surface risk? Focus on internet-facing assets and critical CVEs."

Check Endpoint Protection Coverage

/vision-one-api:endpoint-security
"How many endpoints have outdated agents? Give me a breakdown by OS type."

Review Cloud Compliance

/vision-one-api:cloud-posture
"What's our compliance status against CIS benchmarks? Highlight any critical findings."

Who Is This For?

SOC Analysts - Investigate alerts and triage incidents without leaving your terminal. Query alert details, correlate indicators, and build incident timelines through conversation.

Security Engineers - Assess attack surface exposure, track vulnerability remediation, and monitor endpoint protection coverage with natural language queries.

Cloud Security Teams - Manage multi-cloud account inventory, review compliance posture, and monitor container security across Kubernetes and ECS environments.

Platform Administrators - Manage Vision One API keys, user accounts, and platform configuration directly from Claude Code.

Security & Permissions

  • Most skills are read-only by default
  • Write operations require explicit user confirmation
  • Skills respect Vision One API permissions; configure your API key with least privilege
  • Sensitive data (credentials, vulnerabilities) stays within your conversation context
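
A preflight check for the three variables from Installation step 3, tied to the read-only and least-privilege points above. This is an added example, not code from this repository; the function name `v1_preflight` is hypothetical, and it assumes that `TREND_VISION_ONE_READONLY="true"` is what keeps the plugin in read-only mode.

```shell
#!/bin/sh
# Added example: validate the Vision One environment before starting Claude Code.
# Assumption: TREND_VISION_ONE_READONLY="true" keeps the plugin read-only.
# Usage: source this file, then run `v1_preflight` in the same shell.

# Prints one finding per line; returns 0 only when there are no findings.
v1_preflight() {
    rc=0

    # The key must be set and must not be the README placeholder value.
    case "${TREND_VISION_ONE_API_KEY:-}" in
        "")
            echo "FAIL: TREND_VISION_ONE_API_KEY is not set"; rc=1 ;;
        your-api-key)
            echo "FAIL: TREND_VISION_ONE_API_KEY is still the placeholder"; rc=1 ;;
    esac

    # The region must be one of the values listed in step 3 (case-sensitive).
    case "${TREND_VISION_ONE_REGION:-}" in
        au|jp|eu|sg|in|us|mea) ;;
        *)
            echo "FAIL: TREND_VISION_ONE_REGION must be au, jp, eu, sg, in, us, or mea"
            rc=1 ;;
    esac

    # Anything other than the literal "true" is treated as write-capable.
    if [ "${TREND_VISION_ONE_READONLY:-}" != "true" ]; then
        echo "WARN: TREND_VISION_ONE_READONLY is not \"true\"; write operations may be available"
        rc=1
    fi

    return "$rc"
}
```

The check never prints the key itself, so its output is safe to paste into a ticket or chat.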

Contributing

We welcome contributions from the security community. To add a new skill:

  1. Create a directory under plugins/
  2. Add a SKILL.md defining the skill's capabilities and instructions
  3. Register your plugin in .claude-plugin/marketplace.json
  4. Submit a pull request

See CLAUDE.md for detailed contribution guidelines.

License

Copyright (c) Trend Micro Incorporated. All rights reserved.


Built by Trend Micro for the security community.

About

Official Claude Skills for Trend Micro Vision One
