Trend Micro Skills for Claude Code
Supercharge your security operations with AI. This repository contains official Trend Micro skills for Claude Code, bringing the power of Trend Vision One directly into your development workflow.
What Are Skills?
Skills extend Claude Code with specialized capabilities, domain expertise, and tool integrations. Instead of switching between your terminal and security dashboards, you can investigate alerts, assess vulnerabilities, and manage your security posture, all through natural language conversation.
Available Plugins
AI Guard
Protect your AI coding assistant from prompt injection attacks in real time. AI Guard automatically scans files, web pages, and command outputs for malicious prompts designed to hijack Claude's behavior. Stop attackers from weaponizing your codebase before they even get started.
| Feature | Description |
|---|---|
| Prompt Injection Detection | Identifies attempts to override system instructions |
| Jailbreak Prevention | Blocks techniques trying to bypass safety measures |
| PostToolUse Hooks | Automatically scans Read, WebFetch, and Bash outputs |
Vision One API
50 tools across 8 specialized skills for comprehensive security operations. Turn natural language into powerful security queries—investigate alerts, assess your attack surface, and manage endpoints without switching between dashboards.
| Skill | Tools | Use Case |
|---|---|---|
| vision-one-api:workbench-alerts | 3 | SOC alert investigation and triage |
| vision-one-api:cyber-risk-exposure | 15 | Attack surface and vulnerability analysis |
| vision-one-api:cloud-accounts | 6 | Multi-cloud account inventory |
| vision-one-api:email-security | 3 | Email infrastructure monitoring |
| vision-one-api:container-security | 5 | Kubernetes and ECS security |
| vision-one-api:endpoint-security | 6 | Endpoint and agent management |
| vision-one-api:cloud-posture | 6 | Cloud compliance and posture management |
| vision-one-api:iam-management | 6 | API keys and user accounts |
Knowledge Base
Instant access to cloud security expertise without leaving your terminal. Query Trend Micro's comprehensive knowledge base for security best practices, compliance rules, and remediation steps across AWS, Azure, GCP, Alibaba Cloud, and Oracle. Get expert guidance on misconfigurations in seconds.
| Feature | Description |
|---|---|
| Multi-Cloud Coverage | AWS, Azure, GCP, Alibaba Cloud, Oracle/OCI |
| Compliance Mapping | Rules mapped to CIS, SOC2, PCI-DSS, and more |
| Remediation Steps | Actionable fix instructions for every finding |
Quick Start
Prerequisites
- Claude Code CLI installed
- Docker (for running MCP servers)
- Trend Vision One account with API access
Installation
- Add the Trend Micro marketplace to Claude Code
  /plugin marketplace add trendmicro/vision-one-skills
- Install the Vision One plugin
  /plugin
  Navigate to the Discover tab and install vision-one-api.
- Set your Vision One credentials
  export TREND_VISION_ONE_API_KEY="your-api-key"
  export TREND_VISION_ONE_REGION="us" # au, jp, eu, sg, in, us, or mea
  export TREND_VISION_ONE_READONLY="true"
- Start using skills
  /vision-one-api:workbench-alerts
  "Show me critical alerts from the last 24 hours"
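A preflight check for the credentials step above, to run in the shell before starting Claude Code. This is an added example, not part of the Trend Micro repository: the function name `vision_one_preflight` is hypothetical, and treating `TREND_VISION_ONE_READONLY="true"` as the setting to enforce is an assumption based on the value shown in the installation steps.

```shell
# Added example (not from the Trend Micro repository).
# Validates the three environment variables from the installation steps
# without ever printing the API key itself.
# Returns the number of problems found (0 means the environment is ready).
vision_one_preflight() {
    _v1_problems=0

    # The key must be set and must not be the README placeholder.
    case "${TREND_VISION_ONE_API_KEY:-}" in
        "")
            echo "TREND_VISION_ONE_API_KEY is not set" >&2
            _v1_problems=$((_v1_problems + 1)) ;;
        "your-api-key")
            echo "TREND_VISION_ONE_API_KEY is still the placeholder value" >&2
            _v1_problems=$((_v1_problems + 1)) ;;
    esac

    # The region must be one of the values listed in the installation steps.
    case "${TREND_VISION_ONE_REGION:-}" in
        au|jp|eu|sg|in|us|mea) ;;
        *)
            echo "TREND_VISION_ONE_REGION must be au, jp, eu, sg, in, us, or mea" >&2
            _v1_problems=$((_v1_problems + 1)) ;;
    esac

    # Assumption: read-only mode is the setting to enforce, so anything
    # other than the literal string "true" (including unset) is flagged.
    if [ "${TREND_VISION_ONE_READONLY:-}" != "true" ]; then
        echo "TREND_VISION_ONE_READONLY is not set to \"true\"" >&2
        _v1_problems=$((_v1_problems + 1))
    fi

    return "$_v1_problems"
}
```
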
Example Workflows
Investigate a Security Incident
/vision-one-api:workbench-alerts
"I need to investigate alert ID ABC123. Show me the full details and any related alerts."
Assess Attack Surface Risk
/vision-one-api:cyber-risk-exposure
"What's our current attack surface risk? Focus on internet-facing assets and critical CVEs."
Check Endpoint Protection Coverage
/vision-one-api:endpoint-security
"How many endpoints have outdated agents? Give me a breakdown by OS type."
Review Cloud Compliance
/vision-one-api:cloud-posture
"What's our compliance status against CIS benchmarks? Highlight any critical findings."
Who Is This For?
SOC Analysts - Investigate alerts and triage incidents without leaving your terminal. Query alert details, correlate indicators, and build incident timelines through conversation.