creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-16 16:03:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Overhaul README with badges, quick start, and skill categories

Browse Source
This commit is contained in:
mukul975
2026-02-25 11:09:42 +01:00
parent 9f3f46b4f4
commit 637a7d5267
13 changed files with 1394 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
launch/awesome-list-submissions.md
+206
View File
@@ -0,0 +1,206 @@
# Awesome List Submission Guide
Structured guide for submitting Anthropic-Cybersecurity-Skills to relevant awesome lists on GitHub. Each entry includes the target repo, PR template, and submission notes.
---
## Priority Order
### 1. awesome-cybersecurity-agentic-ai (raphabot) -- HIGHEST PRIORITY
- **Repo:** https://github.com/raphabot/awesome-cybersecurity-agentic-ai
- **Section:** Skills / Knowledge Bases (or most relevant section)
- **Why highest priority:** Exact domain overlap -- cybersecurity + AI agents
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills to Skills/Knowledge Bases
```
**PR Body:**
```markdown
Adding the first comprehensive cybersecurity skills database for AI agents.
611+ skills following the agentskills.io open standard, compatible with
Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, and 20+ platforms.
**[Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills)** — 611+ cybersecurity skills for AI agents following the agentskills.io open standard. Covers threat detection, incident response, penetration testing, digital forensics, cloud security, and more.
```
**Suggested list entry:**
```markdown
- [Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — 611+ cybersecurity skills for AI agents following the agentskills.io open standard. Covers threat detection, incident response, penetration testing, digital forensics, cloud security, and more.
```
**Pre-submission checklist:**
- [ ] Read CONTRIBUTING.md in the target repo
- [ ] Verify the list entry matches their formatting conventions
- [ ] Ensure alphabetical ordering if required
- [ ] Star the awesome list repo before submitting
---
### 2. awesome-ai-security (TalEliyahu)
- **Repo:** https://github.com/TalEliyahu/awesome-ai-security
- **Section:** Tools / Resources (or AI Security Tools)
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — 611+ cybersecurity skills for AI agents
```
**PR Body:**
```markdown
## What is this?
A comprehensive cybersecurity skills database designed for AI coding agents. Contains 611+ skills covering the full cybersecurity domain: threat detection, incident response, penetration testing, digital forensics, cloud security, network security, malware analysis, and more.
## Why it fits this list
- AI agents using these skills can perform real security analysis tasks
- Follows the agentskills.io open standard (SKILL.md format)
- Compatible with Claude Code, GitHub Copilot, Cursor, Windsurf, and 20+ AI platforms
- Open source under MIT license
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
**Suggested list entry:**
```markdown
- [Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — 611+ cybersecurity skills for AI coding agents. Covers threat detection, incident response, penetration testing, forensics, cloud security. agentskills.io standard.
```
---
### 3. awesome-security (sindresorhus ecosystem)
- **Repo:** https://github.com/sbilly/awesome-security
- **Section:** Other / Tools / AI-Assisted Security
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — cybersecurity skill library for AI agents
```
**PR Body:**
```markdown
Adding a cybersecurity skills database that enables AI coding agents to perform security tasks.
- 611+ structured skills across 12 cybersecurity subdomains
- Threat detection, incident response, penetration testing, digital forensics, cloud security, and more
- Follows the agentskills.io open standard (SKILL.md format)
- Compatible with Claude Code, GitHub Copilot, Cursor, and 20+ AI platforms
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
**Suggested list entry:**
```markdown
- [Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — 611+ cybersecurity skills for AI agents covering threat detection, IR, pentesting, forensics, and cloud security.
```
---
### 4. awesome-pentest
- **Repo:** https://github.com/enaqx/awesome-pentest
- **Section:** Tools / AI-Assisted / Knowledge Bases
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — AI agent pentesting skills library
```
**PR Body:**
```markdown
A library of 611+ cybersecurity skills structured for AI coding agents. Includes dedicated penetration testing skills covering:
- Network penetration testing
- Web application security testing
- Wireless security assessment
- Social engineering simulation
- Red team operations
- Exploit development methodology
Skills follow the agentskills.io open standard and work with Claude Code, GitHub Copilot, Cursor, and 20+ platforms.
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
---
### 5. awesome-incident-response
- **Repo:** https://github.com/meirwah/awesome-incident-response
- **Section:** Tools / Knowledge Bases / AI-Assisted
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — AI-powered incident response skill library
```
**PR Body:**
```markdown
A structured skill library enabling AI agents to assist with incident response workflows. Includes skills for:
- Incident triage and classification
- Log analysis and correlation
- Forensic evidence collection
- Malware analysis and containment
- Post-incident reporting
- Threat hunting and detection
611+ skills total, with dedicated incident response coverage. agentskills.io open standard, compatible with Claude Code, Copilot, Cursor, and 20+ AI platforms.
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
---
### 6. awesome-threat-intelligence
- **Repo:** https://github.com/hslatman/awesome-threat-intelligence
- **Section:** Tools / Resources / AI-Assisted
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — threat intelligence skills for AI agents
```
**PR Body:**
```markdown
A skill library enabling AI agents to assist with threat intelligence tasks. Includes skills covering:
- OSINT collection and analysis
- Threat actor profiling
- IOC extraction and enrichment
- MITRE ATT&CK mapping
- Threat landscape assessment
- Intelligence report generation
Part of a 611+ skill library following the agentskills.io open standard. Compatible with Claude Code, GitHub Copilot, Cursor, and 20+ AI platforms.
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
---
## General Submission Process
1. **Fork** the target awesome list repository
2. **Read** their CONTRIBUTING.md and follow formatting rules exactly
3. **Add** the entry in the correct section, respecting alphabetical order
4. **Create PR** using the templates above, adjusting as needed
5. **Be patient** -- maintainers are volunteers; follow up politely after 2 weeks if no response
6. **Do not** submit to all lists on the same day; space submissions 2-3 days apart to avoid appearing spammy
## Tracking
| List | Submitted | PR Link | Status | Notes |
|------|-----------|---------|--------|-------|
| awesome-cybersecurity-agentic-ai | | | Pending | Highest priority |
| awesome-ai-security | | | Pending | |
| awesome-security | | | Pending | |
| awesome-pentest | | | Pending | |
| awesome-incident-response | | | Pending | |
| awesome-threat-intelligence | | | Pending | |
launch/conference-cfp-tracker.md
+127
View File
@@ -0,0 +1,127 @@
# Conference CFP Tracker
Track Call for Papers (CFP) deadlines and submission status for presenting Anthropic-Cybersecurity-Skills at security and AI conferences.
---
## Priority Target: Black Hat Arsenal
- **Event:** Black Hat USA 2026 Arsenal
- **Location:** Las Vegas, NV
- **Dates:** August 2026 (typically first week)
- **Deadline:** ~April 2026 (Arsenal CFP opens spring 2026)
- **Type:** Open-source tool showcase (Arsenal, not Briefings)
- **Requirements:**
- Working demo of the tool/project
- Open-source and publicly available
- Security-focused
- Live demonstration capability
- **Action Items:**
- [ ] Monitor https://www.blackhat.com/us-26/arsenal.html for CFP opening
- [ ] Prepare 2-minute elevator pitch
- [ ] Build live demo showing AI agent using skills for a security task
- [ ] Record backup demo video in case of technical issues
- [ ] Prepare poster/handout with QR code to repo
---
## All Conferences
| Conference | Type | Location | Estimated Dates | CFP Deadline | Submission Type | Status |
|-----------|------|----------|----------------|--------------|-----------------|--------|
| **Black Hat USA Arsenal** | Tool Demo | Las Vegas, NV | Aug 2026 | ~Apr 2026 | Arsenal submission | Monitoring |
| **DEF CON Demo Labs** | Tool Demo | Las Vegas, NV | Aug 2026 | ~May 2026 | Demo application | Monitoring |
| **BSides Las Vegas** | Talk/Workshop | Las Vegas, NV | Aug 2026 | ~Apr 2026 | CFP talk/workshop | Monitoring |
| **RSA Conference** | Talk/Expo | San Francisco, CA | Apr 2027 | ~Oct 2026 | Innovation Sandbox / talk | Future |
| **SANS Summits** | Talk | Various | Rolling | Rolling | Speaker application | Eligible |
| **ShmooCon** | Talk | Washington, DC | Jan 2027 | ~Oct 2026 | CFP talk | Future |
| **GrrCon** | Talk | Grand Rapids, MI | Oct 2026 | ~Jun 2026 | CFP talk | Monitoring |
| **DerbyCon / Louisville** | Talk | Louisville, KY | TBD | TBD | CFP talk | Check status |
| **Wild West Hackin' Fest** | Talk | Deadwood, SD | Oct 2026 | ~Jul 2026 | CFP talk | Monitoring |
| **Hack In The Box** | Talk | Various | Various | Various | CFP talk | Monitoring |
| **CanSecWest** | Talk | Vancouver, BC | Mar 2027 | ~Dec 2026 | CFP talk | Future |
| **Offensive Con** | Talk | Berlin, DE | Feb 2027 | ~Sep 2026 | CFP talk | Future |
| **NorthSec** | Talk/Workshop | Montreal, QC | May 2026 | ~Feb 2026 | CFP talk | Check if open |
| **AI Village (DEF CON)** | Talk/Demo | Las Vegas, NV | Aug 2026 | ~May 2026 | CFP talk/demo | Monitoring |
| **OWASP Global AppSec** | Talk | Various | Various | Various | CFP talk | Monitoring |
---
## Talk Abstract (Template)
**Title:** Building 611 Cybersecurity Skills for AI Agents: An Open Standard Approach
**Abstract:**
```
AI coding agents are increasingly used for security tasks, but they lack structured
cybersecurity knowledge. We present Anthropic-Cybersecurity-Skills, the first open-source
library of 611+ cybersecurity skills built on the agentskills.io standard. Each skill
is a self-contained SKILL.md file that any compatible AI agent can install and execute.
We cover the design of the skill format, the taxonomy across 12 cybersecurity subdomains
(threat detection, incident response, penetration testing, digital forensics, cloud
security, network security, malware analysis, and more), and live demonstrations of
AI agents performing real security tasks using these skills.
The project is open source (MIT), compatible with 20+ AI platforms including Claude Code,
GitHub Copilot, and Cursor, and designed for community contribution.
```
**Duration options:** Lightning talk (10 min), Standard talk (25-30 min), Workshop (60-90 min)
---
## Workshop Abstract (Template)
**Title:** Hands-On: Teaching AI Agents Cybersecurity with the agentskills.io Standard
**Abstract:**
```
In this hands-on workshop, attendees will learn how to create, install, and use
cybersecurity skills for AI coding agents. We start with installing existing skills
from the Anthropic-Cybersecurity-Skills library (611+ skills), then progress to
writing custom skills for specific security workflows.
Attendees will leave with:
- A working AI agent setup with cybersecurity skills installed
- Understanding of the SKILL.md format and agentskills.io standard
- A custom skill they authored during the workshop
- Knowledge of how to contribute back to the open-source project
Prerequisites: Laptop with an AI coding agent installed (Claude Code, Cursor, or similar).
```
---
## CFP Monitoring Resources
- **cfptime.org** -- Aggregated CFP deadlines across tech conferences
- **sec-deadlines.github.io** -- Security conference deadlines specifically
- **Twitter/X lists** -- Follow @BlackHatEvents, @defaborea, @BSidesLV, @RSAConference
- **Infosec CFP Calendar** -- https://infosec-conferences.com/cfp/
- **Lanyrd / Sessionize** -- Check for open CFPs
---
## Submission Tracking
| Conference | Submitted Date | Abstract Used | Status | Accepted? | Presentation Date | Notes |
|-----------|---------------|---------------|--------|-----------|-------------------|-------|
| | | | | | | |
---
## Demo Preparation Checklist
For any conference demo or Arsenal submission:
- [ ] Record 2-minute overview video
- [ ] Prepare offline fallback demo (no internet dependency)
- [ ] Create handout with repo QR code, key stats, and contact info
- [ ] Test skill installation flow end-to-end
- [ ] Prepare 3 compelling live demo scenarios:
1. Threat hunting with AI agent using detection skills
2. Incident response workflow guided by IR skills
3. Writing and installing a custom security skill
- [ ] Backup slides in case of demo failure
- [ ] Business cards or contact handouts
launch/hacker-news.md
+49
View File
@@ -0,0 +1,49 @@
# Hacker News - Show HN Post
## Title
Show HN: 611+ Cybersecurity Skills for AI Agents (agentskills.io open standard)
## Body
I built an open-source database of 611+ cybersecurity skills that AI agents can use to perform real security work -- from malware analysis with Volatility to cloud pen-testing with Pacu.
Each skill follows a structured format (YAML frontmatter + Markdown body) with:
- When to use (and when NOT to)
- Prerequisites and tool requirements
- Step-by-step workflows with real commands, not pseudocode
- References to real standards (NIST, MITRE ATT&CK, CIS)
- Practitioner helper scripts and report templates
The 611 skills cover 24 subdomains: cloud security, threat intelligence, web app security, threat hunting, malware analysis, digital forensics, SOC operations, network security, IAM, OT/ICS security, API security, container security, vulnerability management, red teaming, incident response, penetration testing, zero trust, phishing defense, endpoint security, DevSecOps, cryptography, mobile security, ransomware defense, and compliance/governance.
Why I built this: AI coding agents (Claude Code, Cursor, Copilot) are great at software engineering but have no structured cybersecurity knowledge. When you ask them to analyze a memory dump or triage a SIEM alert, they give generic advice instead of the precise Volatility plugin sequence or Splunk SPL query a practitioner would use.
The skills use "progressive disclosure" -- the frontmatter tells the agent WHEN to activate a skill, and the full body provides the HOW with exact commands, flags, and decision trees.
Format follows the agentskills.io open standard so any agent framework can consume them.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Tech details:
- Each skill has SKILL.md + references/ + scripts/ + assets/
- Skills are tool-specific (not "use a scanner" but "use Nessus with these plugin families")
- Real CVE references, real MITRE ATT&CK technique IDs
- MIT licensed
Looking for contributors, especially practitioners who want to improve existing skills or add new ones in underrepresented areas (mobile security, OT/ICS, compliance).
## Timing
Post at 6:00 AM Pacific (9:00 AM Eastern) for maximum HN visibility. Tuesday through Thursday are optimal days.
## Engagement Rules
1. **Respond within 1 hour** of posting. Early engagement signals to the HN algorithm that the post is active and worth ranking higher.
2. **Be technical, not promotional.** Answer questions with specific technical details. Reference actual skill files, tool commands, and MITRE technique IDs.
3. **No vote requests.** Never ask anyone to upvote. This violates HN guidelines and can get the post flagged or penalized.
4. **Engage authentically.** If someone raises a valid criticism (e.g., "these skills are too shallow for real practitioners"), acknowledge it and explain the contribution model.
5. **Link to specific skills** when answering questions. For example: "Here's the actual Volatility skill that covers that -- [link to SKILL.md]"
6. **Avoid marketing language.** No "revolutionary," "game-changing," or "disrupting." Stick to factual descriptions of what the repo contains.
7. **Be prepared for skepticism.** HN users will question whether AI agents can actually do security work. Have concrete examples ready showing how an agent uses a skill file.
launch/metrics-tracker.md
+129
View File
@@ -0,0 +1,129 @@
# 30-Day Launch Metrics
Track key growth metrics for the first 30 days after public launch.
---
## Targets from Playbook
| Metric | Week 1 | Week 2 | Week 3 | Week 4 |
|--------|--------|--------|--------|--------|
| Stars | 150-400 | 400-800 | 800-1,200 | 1,200-2,000 |
| Forks | 15-40 | 40-80 | 80-120 | 120-200 |
| Contributors | 1-3 | 3-8 | 8-15 | 15-25 |
| Unique Visitors | 500-1,000 | 1,000-2,500 | 2,000-4,000 | 3,000-6,000 |
| Clones | 50-150 | 150-400 | 300-700 | 500-1,000 |
| Issues Opened | 5-15 | 15-30 | 25-50 | 40-75 |
| PRs Opened | 1-5 | 5-15 | 10-25 | 20-40 |
| Awesome List PRs Accepted | 0-1 | 1-2 | 2-4 | 3-6 |
---
## Daily Actuals
| Date | Day | Stars | Forks | Contributors | Unique Visitors | Clones | Issues | PRs | Notes |
|------|-----|-------|-------|--------------|-----------------|--------|--------|-----|-------|
| | 1 | | | | | | | | Launch day |
| | 2 | | | | | | | | |
| | 3 | | | | | | | | |
| | 4 | | | | | | | | |
| | 5 | | | | | | | | |
| | 6 | | | | | | | | |
| | 7 | | | | | | | | End of Week 1 |
| | 8 | | | | | | | | |
| | 9 | | | | | | | | |
| | 10 | | | | | | | | |
| | 11 | | | | | | | | |
| | 12 | | | | | | | | |
| | 13 | | | | | | | | |
| | 14 | | | | | | | | End of Week 2 |
| | 15 | | | | | | | | |
| | 16 | | | | | | | | |
| | 17 | | | | | | | | |
| | 18 | | | | | | | | |
| | 19 | | | | | | | | |
| | 20 | | | | | | | | |
| | 21 | | | | | | | | End of Week 3 |
| | 22 | | | | | | | | |
| | 23 | | | | | | | | |
| | 24 | | | | | | | | |
| | 25 | | | | | | | | |
| | 26 | | | | | | | | |
| | 27 | | | | | | | | |
| | 28 | | | | | | | | End of Week 4 |
| | 29 | | | | | | | | |
| | 30 | | | | | | | | 30-day mark |
---
## Weekly Summary
| Week | Stars (Total) | Stars (Delta) | Forks (Total) | Forks (Delta) | Contributors | Top Referrer | Notes |
|------|--------------|---------------|---------------|----------------|--------------|-------------|-------|
| 1 | | | | | | | |
| 2 | | | | | | | |
| 3 | | | | | | | |
| 4 | | | | | | | |
---
## Traffic Sources
Track where visitors come from (GitHub Insights > Traffic):
| Source | Week 1 | Week 2 | Week 3 | Week 4 |
|--------|--------|--------|--------|--------|
| GitHub Search | | | | |
| Direct / Bookmark | | | | |
| Reddit | | | | |
| Twitter/X | | | | |
| Hacker News | | | | |
| Awesome Lists | | | | |
| LinkedIn | | | | |
| Other | | | | |
---
## Content & Outreach Tracking
| Action | Date | Platform | Link | Engagement | Notes |
|--------|------|----------|------|------------|-------|
| Launch post | | Reddit r/cybersecurity | | | |
| Launch post | | Reddit r/netsec | | | |
| Launch post | | Hacker News | | | |
| Launch tweet | | Twitter/X | | | |
| LinkedIn post | | LinkedIn | | | |
| awesome-cybersecurity-agentic-ai PR | | GitHub | | | |
| awesome-ai-security PR | | GitHub | | | |
| awesome-security PR | | GitHub | | | |
| Demo video 1 | | YouTube | | | |
| Demo video 2 | | YouTube | | | |
| Demo video 3 | | YouTube | | | |
---
## Milestones
| Milestone | Target Date | Actual Date | Notes |
|-----------|------------|-------------|-------|
| First external star | Day 1 | | |
| First external fork | Day 1-2 | | |
| 100 stars | Week 1 | | |
| First external issue | Week 1 | | |
| First external PR | Week 1-2 | | |
| First awesome list acceptance | Week 2 | | |
| 500 stars | Week 2-3 | | |
| First external contributor merged | Week 2-3 | | |
| 1,000 stars | Week 3-4 | | |
| Featured in newsletter/blog | Week 2-4 | | |
| Conference talk accepted | Month 2+ | | |
---
## How to Collect Metrics
- **Stars/Forks:** GitHub repo page or `gh api repos/mukul975/Anthropic-Cybersecurity-Skills`
- **Unique Visitors/Clones:** GitHub Insights > Traffic (Settings > Insights, requires admin)
- **Referrers:** GitHub Insights > Traffic > Referring sites
- **Issues/PRs:** GitHub Issues/PR tabs or `gh issue list` / `gh pr list`
- **Contributors:** `git shortlog -sn --all` or GitHub Insights > Contributors
launch/reddit-posts.md
+196
View File
@@ -0,0 +1,196 @@
# Reddit Launch Posts
## Timing Guidance
- Space posts **2 hours apart** to avoid spam detection and maximize individual post visibility.
- Post **Tuesday through Thursday** for best engagement.
- Optimal window: **9:00 AM - 12:00 PM EST**.
- Suggested schedule: first post at 9:00 AM EST, second at 11:00 AM EST, third at 1:00 PM EST, then remaining posts over the following day.
- Do NOT cross-post (use Reddit's crosspost feature). Write unique copy for each subreddit.
---
## 1. r/netsec (~540K subscribers) -- Technical Focus
**Title:** Open-source database of 611+ structured cybersecurity skills for AI agents -- covers DFIR, malware analysis, cloud pentesting, and more
**Body:**
I've been building an open-source database of cybersecurity skills formatted for AI agent consumption. There are 611 skills across 24 subdomains, each following a structured YAML + Markdown format.
What makes this different from a wiki or cheat sheet:
- **Progressive disclosure architecture**: YAML frontmatter tells the agent WHEN to activate (trigger conditions, prerequisites), and the Markdown body provides the HOW (exact commands, tool flags, decision trees).
- **Tool-specific, not generic**: Skills reference specific tools with real commands. "Analyzing Memory Dumps with Volatility" includes the actual `vol3` plugin sequence, not "use a memory forensics tool."
- **Real references**: MITRE ATT&CK technique IDs, NIST control mappings, actual CVE numbers, CIS benchmark references.
- **Practitioner scripts and templates**: Each skill can include helper scripts and filled-in report/checklist templates.
Subdomain breakdown:
- Cloud Security (48 skills) -- AWS, Azure, GCP specific
- Threat Intelligence (43) -- STIX/TAXII, MISP, diamond model
- Web App Security (41) -- OWASP Top 10, specific injection types
- Threat Hunting (35) -- hypothesis-driven, ATT&CK-mapped
- Malware Analysis (34) -- static, dynamic, reverse engineering
- Digital Forensics (34) -- disk, memory, network, mobile
- Plus 18 more subdomains
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Format follows the agentskills.io open standard. MIT licensed. Looking for practitioner contributors.
---
## 2. r/cybersecurity (~1M+ subscribers) -- Broader Audience
**Title:** I built an open-source library of 611 cybersecurity skills that AI agents can actually use -- from memory forensics to cloud pentesting
**Body:**
AI coding agents like Claude Code and GitHub Copilot are increasingly used for security tasks, but they lack structured cybersecurity knowledge. When you ask them to analyze a suspicious process or triage a SIEM alert, you get generic advice instead of the specific Volatility plugin, Splunk query, or Nessus configuration a practitioner would use.
I built an open-source database of 611 cybersecurity skills designed to give AI agents real practitioner-level knowledge.
**What each skill includes:**
- When to use it (and when NOT to)
- Tool-specific prerequisites
- Step-by-step workflows with exact commands
- References to MITRE ATT&CK, NIST, CIS benchmarks
- Helper scripts and report templates
**Coverage across 24 subdomains:**
Cloud Security, Threat Intelligence, Web App Security, Threat Hunting, Malware Analysis, Digital Forensics, SOC Operations, Network Security, IAM, OT/ICS Security, API Security, Container Security, Vulnerability Management, Red Teaming, Incident Response, Penetration Testing, Zero Trust, Phishing Defense, Endpoint Security, DevSecOps, Cryptography, Mobile Security, Ransomware Defense, Compliance & Governance.
The skills use a "progressive disclosure" format -- the YAML frontmatter gives the agent enough context to know when to activate, and the full body has the detailed procedure.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. Looking for contributors, especially from practitioners who want to encode their expertise into a format AI agents can use.
---
## 3. r/blueteamsec (~34K subscribers) -- Defensive Focus
**Title:** Open-source skill library for AI-assisted blue team operations -- 611 skills covering DFIR, threat hunting, SOC operations, and detection engineering
**Body:**
Built an open-source database of 611 cybersecurity skills structured for AI agent consumption, with strong coverage of defensive operations:
**Blue team coverage:**
- **Threat Hunting (35 skills)**: Hypothesis-driven hunts for beaconing, LOLBins, persistence mechanisms, DNS tunneling, lateral movement, supply chain compromise
- **SOC Operations (33 skills)**: Alert triage, detection rule building (Sigma, Splunk SPL), SOAR playbooks, escalation matrices, metrics/KPI tracking
- **Incident Response (24 skills)**: Containment procedures, forensic collection, timeline reconstruction, ransomware response, lessons learned
- **Digital Forensics (34 skills)**: Memory forensics with Volatility, disk analysis with Autopsy, network forensics with Wireshark/Zeek, timeline analysis with Plaso
- **Threat Intelligence (43 skills)**: STIX/TAXII integration, MISP feeds, IOC enrichment, threat actor profiling, diamond model analysis
- **Detection Engineering**: Sigma rules, Splunk SPL queries, Suricata rules, Zeek scripts
Each skill includes the exact tool commands, decision trees, and real framework references (MITRE ATT&CK techniques, NIST controls) that a practitioner would use.
The format is designed so AI agents (Claude Code, Copilot, etc.) can use these skills to assist with real security work -- not replace analysts, but give them an AI assistant that actually knows the right Volatility plugin or Splunk query.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. Contributions welcome -- especially from SOC analysts and IR practitioners.
---
## 4. r/hacking
**Title:** 611 cybersecurity skills structured for AI agents -- open-source, covers pentesting, red teaming, malware analysis, forensics, and more
**Body:**
Open-sourced a database of 611 cybersecurity skills that AI agents can use to assist with real security work.
Skills cover both offensive and defensive domains:
- **Penetration Testing (23 skills)**: Web app, network, cloud, mobile, AD, wireless
- **Red Teaming (24 skills)**: C2 infrastructure, lateral movement, persistence, AD attack paths
- **Malware Analysis (34 skills)**: Reverse engineering with Ghidra, dynamic analysis with CAPE/Cuckoo, packed malware unpacking
- **Web App Security (41 skills)**: SQLi, XSS, SSRF, deserialization, race conditions, request smuggling
- **Network Security (33 skills)**: Nmap, Wireshark, Suricata, Zeek, ARP spoofing, VLAN hopping
Each skill has real commands, not pseudocode. The Metasploit skill has actual `msfconsole` commands. The SQLMap skill has actual flags and tamper scripts. The Bloodhound skill has actual Cypher queries.
Format: YAML frontmatter + structured Markdown. Follows the agentskills.io open standard.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. PRs welcome.
---
## 5. r/redteamsec
**Title:** Open-source AI agent skills for red team operations -- AD attack paths, C2 infrastructure, lateral movement, persistence techniques
**Body:**
I built a structured skill database for AI agents that includes significant red team coverage:
- **Red Teaming (24 skills)**: C2 with Sliver/Havoc, AD attack simulation, engagement planning, purple team exercises
- **Penetration Testing (23 skills)**: Full-scope pentesting, AD pentesting, cloud pentesting with Pacu/ScoutSuite, wireless with Aircrack-ng
- **Active Directory**: Bloodhound CE, Kerberoasting with Impacket, DCSync, constrained delegation abuse, NoPac, Zerologon, certificate services ESC1
- **Web exploitation**: SQLi, SSRF, deserialization, template injection, prototype pollution, request smuggling, race conditions
Each skill is structured with YAML frontmatter (triggers, prerequisites, tags) and a Markdown body with exact tool commands, decision trees, and MITRE ATT&CK mappings.
The idea: give AI agents the structured knowledge to assist with authorized security testing, not replace operators but augment them with instant recall of the right tool flag or attack chain.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. Would especially appreciate contributions from red teamers on evasion techniques and emerging TTPs.
---
## 6. r/artificial
**Title:** Built 611 cybersecurity skills for AI agents -- how structured knowledge databases can make AI actually useful for specialized domains
**Body:**
AI coding agents (Claude Code, Cursor, GitHub Copilot) are powerful at general software engineering, but they struggle with specialized domains like cybersecurity. Ask them to analyze a memory dump and you get vague advice. Give them a structured skill file with the exact Volatility plugin sequence and decision tree, and they become genuinely useful.
I built an open-source database of 611 cybersecurity skills structured for AI agent consumption:
**The core insight: progressive disclosure**
The skills use a two-layer architecture:
1. **YAML frontmatter** -- Tells the agent WHEN to activate: skill name, description, domain/subdomain, tags. This is what gets indexed and matched against user queries.
2. **Markdown body** -- The HOW: step-by-step workflows with exact commands, tool flags, decision trees, validation steps. Only loaded when the skill activates.
This mirrors how human expertise works -- a senior analyst doesn't consciously think through every step of memory forensics until they need to, but they know instantly when it's the right approach.
**24 subdomains, 611 skills** covering cloud security, malware analysis, threat hunting, incident response, penetration testing, red teaming, and more.
The format follows the agentskills.io open standard, so any agent framework can index and use these skills.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Interested in the broader question: how do we build domain-specific knowledge layers for AI agents? Cybersecurity is just one domain -- the same pattern could work for medicine, law, finance, etc.
---
## 7. r/opensource
**Title:** Open-sourced 611 cybersecurity skills for AI agents -- MIT licensed, structured for any agent framework
**Body:**
I've open-sourced a database of 611 cybersecurity skills designed for AI agent consumption.
**Why this exists:** AI agents are increasingly used for security tasks, but they lack the structured, tool-specific knowledge that practitioners have. This database encodes that knowledge in a format any AI agent can use.
**What's in it:**
- 611 skills across 24 cybersecurity subdomains
- Each skill: YAML frontmatter + structured Markdown with real commands
- References to MITRE ATT&CK, NIST, CIS benchmarks
- Helper scripts and report templates
- Follows the agentskills.io open standard
**Tech stack:** Pure Markdown + YAML. No build system, no dependencies. Any tool that can read files can use these skills.
**License:** MIT
**Contributing:** Looking for cybersecurity practitioners who want to improve existing skills or add new ones. The format is simple -- if you can write a runbook, you can contribute a skill.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
launch/twitter-thread.md
+89
View File
@@ -0,0 +1,89 @@
# Twitter/X Launch Thread
Post as a thread. Pin the first tweet. Include the repo link in tweet 1 and tweet 7.
---
## Tweet 1 (268 characters)
I just open-sourced 611 cybersecurity skills for AI agents.
From malware analysis with Volatility to cloud pentesting with Pacu -- structured so Claude Code, Copilot, and any AI agent can use them.
MIT licensed. All 24 subdomains of cybersecurity.
github.com/mukul975/Anthropic-Cybersecurity-Skills
---
## Tweet 2 (277 characters)
The problem: AI agents are great at coding but terrible at cybersecurity.
Ask Claude to analyze a memory dump and you get generic advice.
Give it a structured skill with the exact Volatility plugin sequence, and it gives you the precise commands a senior analyst would use.
---
## Tweet 3 (270 characters)
Each skill uses progressive disclosure:
YAML frontmatter = WHEN to activate (triggers, domain, tags)
Markdown body = HOW to execute (exact commands, decision trees, validation)
The agent loads the frontmatter for routing, then the full body only when it needs the details.
---
## Tweet 4 (280 characters)
611 skills across 24 subdomains:
- Cloud Security (48)
- Threat Intelligence (43)
- Web App Security (41)
- Threat Hunting (35)
- Malware Analysis (34)
- Digital Forensics (34)
- SOC Operations (33)
- Network Security (33)
- IAM (33)
- OT/ICS Security (28)
- And 14 more
---
## Tweet 5 (257 characters)
These aren't generic cheat sheets. Every skill has:
- Real tool commands (not "use a scanner")
- MITRE ATT&CK technique IDs
- NIST/CIS benchmark references
- Decision trees for edge cases
- Practitioner helper scripts
- Filled-in report templates
---
## Tweet 6 (243 characters)
Why this matters for the security industry:
AI agents will increasingly assist with security work. The question isn't IF but HOW WELL.
Structured skill databases are how we go from "vaguely helpful AI" to "AI that knows the right Splunk query for T1059.001."
---
## Tweet 7 (248 characters)
The repo is MIT licensed and follows the agentskills.io open standard.
Looking for contributors -- especially practitioners who want to encode their expertise for AI agents.
If you write runbooks, you can write skills.
github.com/mukul975/Anthropic-Cybersecurity-Skills