Neo’s agents are generalists by default, but security work demands domain-specific expertise. Writing a Nuclei template, triaging a HackerOne report, running a red team engagement, and setting up a VPN tunnel each require detailed procedural knowledge that goes beyond what the model knows from training. Skills are how Neo bridges this gap. A skill is a structured knowledge guide written as a SKILL.md file that follows an open standard. Each skill contains detailed instructions, methodology, tool usage patterns, and reference material for a specific domain. When an agent encounters a task that matches a skill’s domain, it activates the skill and loads the full instructions into its context. The agent then follows the skill’s guidance alongside its own reasoning, combining domain-specific best practices with real-time decision making. Skills are loaded on demand, not injected all at once. Every agent sees a list of available skills with their names and descriptions, but the full instructions are only loaded when the agent activates a skill. A maximum of three skills can be active simultaneously to manage the token budget. When the agent moves to a different phase of work, it can deactivate a skill it no longer needs and activate a new one. This keeps the agent’s context focused on what is relevant right now. Neo ships with 25 built-in skills covering the major domains of security work. The redteam skill provides a complete operating framework for adversary simulation: scoping, attack path mapping, credential workflows, privilege escalation, lateral movement, OPSEC, cleanup procedures, and evidence-backed reporting. The variant-analysis skill teaches the agent how to find similar vulnerabilities across a codebase after discovering an initial issue, using pattern-based analysis with Semgrep and ripgrep. The nuclei-templates skill guides the agent through creating custom Nuclei vulnerability detection templates from scratch. The sqlmap-guide covers SQLMap usage for SQL injection testing. The semgrep skill covers writing and running custom Semgrep rules for static analysis. The libfuzzer skill provides fuzzing methodology. The android-security-guide is an 850-line reference covering IPC attacks, data security, WebView exploitation, cryptographic issues, deeplink abuse, ADB commands, Frida hooks, and static analysis patterns. The ios-security-guide covers IPA analysis, binary inspection, keychain access, transport security, URL schemes, and secrets scanning. The mobile-advanced-techniques skill goes deeper into Frida workflows, anti-Frida bypass, native library analysis, whitebox cryptography, and traffic interception. The pd-cloud skill covers the full ProjectDiscovery Cloud Platform API: asset discovery, vulnerability scanning, leaked credential monitoring, and template management. The h1-api, h1-setup, and h1-triage skills handle HackerOne workflows for fetching reports, validating findings, and posting a Triage Summary. The vpn-guide covers connecting to private networks using WireGuard, OpenVPN, Tailscale, Twingate, and other VPN clients pre-installed in the sandbox. The security-findings skill provides standardized vulnerability report templates with CVSS scoring, proof-of-concept formatting, and remediation guidance. The exploitability-verification skill covers the methodology for confirming whether a finding is actually exploitable. The runtime-validation skill handles validating findings against live targets. The differential-review and task-diff-analyse skills support change-based analysis for PR reviews and scheduled task comparisons. Skills for docx and pdf output are also included, so the agent can produce polished deliverables in standard formats. Each skill is more than just a text file. A skill can include reference materials in a references subdirectory, like finding templates, API documentation, or configuration examples. When a skill is activated, the agent knows the sandbox filesystem path to these files and can read them directly during execution. Some skills include over a dozen reference files. Beyond the built-in set, you can install your own skills into the workspace. Skills follow an open standard compatible with multiple agent platforms, and Neo automatically discovers them from well-known directories in the sandbox. If your team has internal methodologies, custom testing procedures, or proprietary tool configurations, you can encode them as SKILL.md files and the agent picks them up at runtime without any configuration changes. Install them withDocumentation Index
Fetch the complete documentation index at: https://docs.neo.projectdiscovery.io/llms.txt
Use this file to discover all available pages before exploring further.
npx skills add or place them directly in the workspace skill directories.
Agents can also search across skill content without activating them. If the agent needs to quickly check whether any skill covers a specific topic, it can search by keyword and get relevant snippets before deciding whether to fully activate the skill.
The practical effect is that Neo does not just have access to tools. It has access to the knowledge of how to use those tools well. A Nuclei template written by an agent with the nuclei-templates skill active follows ProjectDiscovery’s conventions and best practices. A red team engagement run with the redteam skill follows established methodology rather than ad-hoc improvisation. Skills turn the agent from a capable generalist into a domain-aware specialist for whatever type of security work you need.