Add uv package manager support as alternative to system Python

.claude/skills/ffind/SKILL.md

@@ -21,12 +21,14 @@ When the user asks to analyze files, find specific file types, or extract filesy
    - Ask if they want all file types or just artifact types
 
 2. **Execute the analysis**:
-   - Use the ffind command from the iothackbot bin directory
-   - Basic usage: `ffind <path> [<path2> ...]`
-   - To extract filesystems: `ffind <path> -e`
-   - Custom extraction directory: `ffind <path> -e -d /path/to/output`
-   - Show all file types: `ffind <path> -a`
-   - Verbose output: `ffind <path> -v`
+   - Use the ffind command via uv run entry point
+   - Basic usage: `uv run ffind <path> [<path2> ...]`
+   - To extract filesystems: `uv run ffind <path> -e`
+   - Custom extraction directory: `uv run ffind <path> -e -d /path/to/output`
+   - Show all file types: `uv run ffind <path> -a`
+   - Verbose output: `uv run ffind <path> -v`
+
+   **Note**: If the venv is activated or if bin/ is in PATH, you can use `ffind` directly without `uv run`
 
 3. **Output formats**:
    - `--format text` (default): Human-readable colored output with type summaries
@@ -43,24 +45,26 @@ When the user asks to analyze files, find specific file types, or extract filesy
 
 Analyze a firmware file to see file types:
 ```bash
-ffind /path/to/firmware.bin
+uv run ffind /path/to/firmware.bin
 ```
 
 Extract all filesystems from a firmware image:
 ```bash
-sudo ffind /path/to/firmware.bin -e
+sudo uv run ffind /path/to/firmware.bin -e
 ```
 
 Analyze multiple files and show all types:
 ```bash
-ffind /path/to/file1.bin /path/to/file2.bin -a
+uv run ffind /path/to/file1.bin /path/to/file2.bin -a
 ```
 
 Extract to a custom directory:
 ```bash
-sudo ffind /path/to/firmware.bin -e -d /tmp/my-extraction
+sudo uv run ffind /path/to/firmware.bin -e -d /tmp/my-extraction
 ```
 
+**Note**: You can also use `ffind` directly (without `uv run`) if the venv is activated or bin/ is in your PATH.
+
 ## Important Notes
 
 - Extraction requires root/sudo privileges

.claude/skills/iotnet/SKILL.md

@@ -32,20 +32,22 @@ When the user asks to analyze network traffic, capture IoT traffic, or assess ne
    - Check if custom detection rules are needed
 
 3. **Execute the analysis**:
-   - Use the iotnet command from the iothackbot bin directory
+   - Use the iotnet command via uv run entry point
+
+   **Note**: If the venv is activated or if bin/ is in PATH, you can use `iotnet` directly without `uv run`
 
 ## Usage Modes
 
 ### PCAP Analysis (Offline)
 Analyze one or more existing packet capture files:
 ```bash
-iotnet capture1.pcap capture2.pcap
+uv run iotnet capture1.pcap capture2.pcap
 ```
 
 ### Live Capture
 Capture and analyze traffic in real-time:
 ```bash
-sudo iotnet -i eth0 -d 30
+sudo uv run iotnet -i eth0 -d 30
 ```
 
 ## Parameters
@@ -74,34 +76,36 @@ sudo iotnet -i eth0 -d 30
 
 Analyze a packet capture file:
 ```bash
-iotnet /path/to/capture.pcap
+uv run iotnet /path/to/capture.pcap
 ```
 
 Live capture for 60 seconds on wifi interface:
 ```bash
-sudo iotnet -i wlan0 -d 60
+sudo uv run iotnet -i wlan0 -d 60
 ```
 
 Analyze traffic for specific IP:
 ```bash
-iotnet capture.pcap --ip 192.168.1.100
+uv run iotnet capture.pcap --ip 192.168.1.100
 ```
 
 Live capture with BPF filter:
 ```bash
-sudo iotnet -i eth0 -c "port 1883 or port 5683" -d 45
+sudo uv run iotnet -i eth0 -c "port 1883 or port 5683" -d 45
 ```
 
 Multiple PCAPs with custom config:
 ```bash
-iotnet file1.pcap file2.pcap --config custom-rules.json
+uv run iotnet file1.pcap file2.pcap --config custom-rules.json
 ```
 
 Filter by display filter (Wireshark syntax):
 ```bash
-iotnet capture.pcap --display-filter "mqtt or coap"
+uv run iotnet capture.pcap --display-filter "mqtt or coap"
 ```
 
+**Note**: You can also use `iotnet` directly (without `uv run`) if the venv is activated or bin/ is in your PATH.
+
 ## Detected IoT Protocols
 
 The tool can identify:

.claude/skills/onvifscan/SKILL.md

@@ -27,15 +27,17 @@ When the user asks to scan ONVIF devices, test IP cameras, or assess IoT device
    - Check if they have custom wordlists
 
 3. **Execute the scan**:
-   - Use the onvifscan command from the iothackbot bin directory
-   - Format: `onvifscan <subcommand> <url> [options]`
+   - Use the onvifscan command via uv run entry point
+   - Format: `uv run onvifscan <subcommand> <url> [options]`
+
+   **Note**: If the venv is activated or if bin/ is in PATH, you can use `onvifscan` directly without `uv run`
 
 ## Subcommands
 
 ### Auth Scan
 Tests ONVIF endpoints for authentication requirements:
 ```bash
-onvifscan auth http://192.168.1.100
+uv run onvifscan auth http://192.168.1.100
 ```
 
 Options:
@@ -46,7 +48,7 @@ Options:
 ### Brute Force
 Attempts credential brute-forcing on protected endpoints:
 ```bash
-onvifscan brute http://192.168.1.100
+uv run onvifscan brute http://192.168.1.100
 ```
 
 Options:
@@ -58,19 +60,21 @@ Options:
 
 Quick auth check on a device:
 ```bash
-onvifscan auth 192.168.1.100
+uv run onvifscan auth 192.168.1.100
 ```
 
 Auth check with verbose output:
 ```bash
-onvifscan auth http://192.168.1.100:8080 -v
+uv run onvifscan auth http://192.168.1.100:8080 -v
 ```
 
 Brute force with custom wordlists:
 ```bash
-onvifscan brute 192.168.1.100 --usernames custom-users.txt --passwords custom-pass.txt
+uv run onvifscan brute 192.168.1.100 --usernames custom-users.txt --passwords custom-pass.txt
 ```
 
+**Note**: You can also use `onvifscan` directly (without `uv run`) if the venv is activated or bin/ is in your PATH.
+
 ## Important Notes
 
 - URLs can omit `http://` - it will be added automatically