Run the command: npx killer-skills add dfirtnt/Huntable-CTI-Studio/rs. It works with Cursor, Windsurf, VS Code, Claude Code, and 15+ other IDEs.

Which IDEs are compatible with rs?

This skill is compatible with Cursor, Windsurf, VS Code, Claude Code, GitHub Copilot, JetBrains, Cline, Roo Code, and many more. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for rs?

Requires CLI access. Dependent on OSINT ingestion and observable extraction. Limited to Sigma rule generation and validation.

Killer-Skills

rs — how to use rs how to use rs, rs setup guide, rs alternative, rs vs other CTI platforms, what is rs, rs install, rs CTI studio, AI-assisted Sigma rule generation, OSINT ingestion tools

Name: rs
Availability: InStock
Rating: 2.4 (2 reviews)
Author: dfirtnt

v1.0.0

GitHub

Perfect for Threat Analysis Agents needing automated Sigma rule generation and OSINT ingestion rs is an open-source CTI platform that enables OSINT ingestion, observable extraction, and AI-assisted Sigma rule generation with validation

Runs rescore commands for keyword/regex hunt scores and ML hunt scores

Utilizes `threat_hunting_score` in article metadata for scoring

Leverages `ml_hunt_score` from chunk-level model predictions for ML-based scoring

Executes `./run_cli.sh rescore --force` and `./run_cli.sh rescore-ml --force` commands

Supports validation of AI-assisted Sigma rules

# Core Topics

how to use rs rs setup guide rs alternative rs vs other CTI platforms what is rs rs install

dfirtnt

[2]

[0]

Updated: 2/26/2026

GitHub

↓ Quality Score

Top 5%

Excellent

Based on code quality & docs

Installation

SYS Universal Install (Auto-Detect)

> npx killer-skills add dfirtnt/Huntable-CTI-Studio/rs

Agent Capability Analysis

The rs MCP Server by dfirtnt is an open-source Categories.community integration for Claude and other AI agents, enabling seamless task automation and capability expansion. Optimized for how to use rs, rs setup guide, rs alternative.

Ideal Agent Persona

Perfect for Threat Analysis Agents needing automated Sigma rule generation and OSINT ingestion

Core Value

Empowers agents to rescore articles using keyword/regex hunt scores and ML hunt scores from chunk-level model predictions, leveraging threat_hunting_score and ml_hunt_score metadata, and utilizing CLI commands like ./run_cli.sh rescore and ./run_cli.sh rescore-ml

↓ Capabilities Granted for rs MCP Server

Automating Sigma rule generation for threat hunting

Validating scoring rules after retraining machine learning models

Rescoring articles after updating keyword/regex rules

! Prerequisites & Limits

Requires CLI access
Dependent on OSINT ingestion and observable extraction
Limited to Sigma rule generation and validation

Explorer

Project

SKILL.md

882 B

.cursorrules

1.2 KB

package.json

240 B

Ready

UTF-8

# Tags

[No tags]

SKILL.md

Readonly

RS — Rescore All Articles

When the user says rs, run both rescore commands. Do not commit or push; this is data-only.

Commands (in order)

Keyword/regex hunt scores — threat_hunting_score in article metadata:
```
bash
1./run_cli.sh rescore --force
```
ML hunt scores — ml_hunt_score from chunk-level model predictions:
```
bash
1./run_cli.sh rescore-ml --force
```

When to use

After changing scoring rules (keyword rescore).
After retraining the ML model or changing aggregation (rescore-ml).
To backfill or refresh all article scores.

Optional scope

Single article: ./run_cli.sh rescore --article-id ID --force and ./run_cli.sh rescore-ml --article-id ID --force.
Dry run: add --dry-run to either command to preview without writing.

Out of scope

No git add / commit / push (use lg for that).

Related Skills

Looking for an alternative to rs or building a Categories.community AI Agent? Explore these related open-source MCP Servers.

View All

widget-generator

widget-generator is an open-source AI agent skill for creating widget plugins that are injected into prompt feeds on prompts.chat. It supports two rendering modes: standard prompt widgets using default PromptCard styling and custom render widgets built as full React components.

★ 149.6k

⑂ 0

Design

chat-sdk

lobehub

chat-sdk is a unified TypeScript SDK for building chat bots across multiple platforms, providing a single interface for deploying bot logic.

★ 73.0k

⑂ 0

Communication

zustand

lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

★ 72.8k

⑂ 0

Communication

data-fetching

lobehub

★ 72.8k

⑂ 0

Communication

rs — how to use rs how to use rs, rs setup guide, rs alternative, rs vs other CTI platforms, what is rs, rs install, rs CTI studio, AI-assisted Sigma rule generation, OSINT ingestion tools

About this Skill

Features

# Core Topics

↓ Quality Score

Agent Capability Analysis

Ideal Agent Persona

Core Value

↓ Capabilities Granted for rs MCP Server

! Prerequisites & Limits

# Tags

RS — Rescore All Articles

Commands (in order)

When to use

Optional scope

Out of scope

Related Skills

Looking for an alternative to rs or building a Categories.community AI Agent? Explore these related open-source MCP Servers.

widget-generator

chat-sdk

zustand

data-fetching