From dfb5f321e718a28d1b91bb5bb2aa92c96cfb1519 Mon Sep 17 00:00:00 2001 From: mukul975 Date: Wed, 25 Feb 2026 11:11:17 +0100 Subject: [PATCH] Add launch outreach docs: awesome lists, conferences, metrics tracker, SECURITY.md --- SECURITY.md | 47 ++++ launch/anthropic-partnership-pathway.md | 238 ++++++++++++++++++ launch/video-scripts.md | 322 ++++++++++++++++++++++++ 3 files changed, 607 insertions(+) create mode 100644 SECURITY.md create mode 100644 launch/anthropic-partnership-pathway.md create mode 100644 launch/video-scripts.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..e8459252 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,47 @@ +# Security Policy + +## Supported Versions + +All skill content in this repository is covered by this security policy. + +| Component | Supported | +|-----------|-----------| +| Skill definitions (SKILL.md files) | Yes | +| Scripts and automation | Yes | +| Documentation | Yes | + +## Reporting a Vulnerability + +If you discover a security issue with any skill's scripts, instructions, or content, please report it responsibly: + +1. **Do not** open a public issue +2. Use GitHub's private security advisory: [Report a vulnerability](https://github.com/mukul975/Anthropic-Cybersecurity-Skills/security/advisories/new) +3. Include in your report: + - Affected skill name and file path + - Nature of the vulnerability + - Potential impact + - Steps to reproduce (if applicable) + - Suggested fix (if you have one) + +## Response Timeline + +- **Initial acknowledgment:** Within 48 hours +- **Assessment and triage:** Within 1 week +- **Fix or mitigation:** Based on severity, typically within 2 weeks + +## Scope + +The following are in scope for security reports: + +- Skills that contain commands or scripts that could cause unintended harm +- Instructions that could lead to unauthorized access if followed incorrectly +- Sensitive data accidentally included in skill content +- Dependencies or external references that have become compromised + +## Recognition + +We credit responsible disclosures in our changelog. If you report a valid security issue, we will acknowledge your contribution unless you prefer to remain anonymous. + +## Contact + +For security matters that cannot be reported through GitHub's advisory system, reach out via the repository's discussion forum. diff --git a/launch/anthropic-partnership-pathway.md b/launch/anthropic-partnership-pathway.md new file mode 100644 index 00000000..32ad40dc --- /dev/null +++ b/launch/anthropic-partnership-pathway.md @@ -0,0 +1,238 @@ +# Anthropic Partnership Pathway + +Step-by-step guide to building a formal relationship with Anthropic and the broader agentskills.io ecosystem. The goal is official recognition of Anthropic-Cybersecurity-Skills as a reference implementation for cybersecurity agent skills. + +--- + +## Phase 1: Spec Compliance Verification + +**Timeline:** Before any outreach +**Goal:** Ensure every skill in the repo fully conforms to the agentskills.io specification + +### Steps + +1. **Review the agentskills.io specification** + - Read the full spec at https://agentskills.io + - Document every required and optional field in SKILL.md frontmatter + - Document body structure requirements + +2. **Audit all 611 skills for compliance** + - Run automated validation against the spec + - Check YAML frontmatter fields: name, description, version, tags, category + - Verify body sections follow the expected structure + - Fix any non-compliant skills + +3. **Create a validation script** + - Build a CI check that validates all SKILL.md files against the spec + - Add it to GitHub Actions so future PRs are automatically validated + - Document the validation process in CONTRIBUTING.md + +4. **Self-certify compliance** + - Add a badge or note in README: "agentskills.io compliant" + - Reference the spec version you comply with + +--- + +## Phase 2: Skill Directory Submissions + +**Timeline:** After Phase 1 is complete +**Goal:** Get listed on official and community skill directories + +### Target Directories + +#### agentskill.sh +- **URL:** https://agentskill.sh +- **Action:** Submit the repo for listing as a cybersecurity skill collection +- **What to include:** Repo URL, skill count, subdomain coverage, compatibility list +- **Status:** [ ] Submitted [ ] Listed + +#### SkillsMP (Skills Marketplace) +- **URL:** Check for current URL and submission process +- **Action:** Submit individual high-quality skills or the full collection +- **What to include:** Featured skills with descriptions, install instructions +- **Status:** [ ] Submitted [ ] Listed + +#### skills.sh +- **URL:** https://skills.sh +- **Action:** Register the project and submit for directory listing +- **What to include:** Repo URL, category (cybersecurity), compatibility info +- **Status:** [ ] Submitted [ ] Listed + +### Submission Template +``` +Project: Anthropic-Cybersecurity-Skills +URL: https://github.com/mukul975/Anthropic-Cybersecurity-Skills +Skills: 611+ +Category: Cybersecurity +Subdomains: Threat detection, incident response, penetration testing, + digital forensics, cloud security, network security, malware analysis, + application security, identity & access management, compliance, + security operations, cryptography +Standard: agentskills.io (SKILL.md format) +License: MIT +Compatibility: Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, + Windsurf, and 20+ AI platforms +``` + +--- + +## Phase 3: Engage the agentskills.io Community + +**Timeline:** After directory submissions +**Goal:** Become a recognized contributor to the agentskills.io ecosystem + +### Steps + +1. **Open a discussion on agentskills/agentskills** + - Repository: https://github.com/agentskills/agentskills (verify current URL) + - Type: Discussion (not Issue) + - Title: "Cybersecurity domain skills: 611+ skills available for community use" + - Body: Introduce the project, explain the scope, invite feedback on skill quality and spec compliance + - Tone: Collaborative, not promotional + +2. **Discussion body template:** + ```markdown + ## Cybersecurity Skills Collection + + We've built a collection of 611+ cybersecurity skills following the + agentskills.io standard. The skills cover 12 subdomains including threat + detection, incident response, penetration testing, digital forensics, + and cloud security. + + **Repo:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills + + We'd love feedback from the community on: + - Spec compliance -- are we following the standard correctly? + - Skill quality -- are the methodologies accurate and useful? + - Missing coverage -- what cybersecurity skills should we add? + + Happy to contribute these to the ecosystem in whatever way is most useful. + ``` + +3. **Respond to feedback promptly** + - Fix any spec compliance issues raised + - Incorporate quality suggestions + - Be responsive and collaborative + +4. **Offer to help with the spec itself** + - If there are open issues on the agentskills spec repo, contribute fixes + - Propose cybersecurity-specific extensions if they would help the standard + +--- + +## Phase 4: Engage Anthropic Developer Relations + +**Timeline:** After community engagement shows traction (100+ stars, directory listings) +**Goal:** Get on Anthropic's radar for potential partnership or promotion + +### Steps + +1. **Identify contacts** + - Anthropic Developer Relations team + - Anthropic community forums and Discord + - Anthropic blog / social media team + - Claude Code product team + +2. **Initial outreach** + - Post in Anthropic's developer community (forum/Discord) about the project + - Share how it enhances Claude Code's cybersecurity capabilities + - Frame it as: "Here's what we built to make Claude better at security" + +3. **Outreach message template:** + ``` + Hi Anthropic team, + + We've built Anthropic-Cybersecurity-Skills, an open-source library of + 611+ cybersecurity skills for AI agents following the agentskills.io + standard. It's designed to make Claude Code significantly more capable + at security tasks -- threat detection, incident response, pentesting, + forensics, and more. + + The project is MIT licensed, has [X] stars, and is listed on [directories]. + + We'd love to discuss how this could be useful to the Claude ecosystem, + whether through official promotion, integration, or collaboration. + + Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills + ``` + +4. **Provide value first** + - File bug reports on Claude Code's security capabilities + - Write blog posts about using Claude Code for security tasks + - Create tutorials that showcase Claude + cybersecurity skills + - Be a visible, helpful member of the Anthropic community + +--- + +## Phase 5: Submit Skills to anthropics/skills + +**Timeline:** After Anthropic engagement +**Goal:** Get skills accepted into Anthropic's official skills repository + +### Steps + +1. **Identify the target repo** + - Check https://github.com/anthropics/skills (or current equivalent) + - Read their CONTRIBUTING.md and submission requirements + - Understand their quality bar and review process + +2. **Select 3-5 best skills for initial submission** + - Choose skills that are: + - Highest quality and most thoroughly tested + - Broadly useful (not niche edge cases) + - Well-structured and clearly written + - Demonstrably effective when used by Claude + - Recommended initial submissions: + 1. A threat detection / log analysis skill (most broadly useful) + 2. An incident response triage skill (high demand) + 3. A cloud security assessment skill (relevant to many users) + 4. A vulnerability analysis skill (practical and demonstrable) + 5. A security code review skill (directly relevant to coding agents) + +3. **Polish selected skills** + - Review each skill line by line for clarity and accuracy + - Test each skill with Claude Code to verify it produces good results + - Ensure perfect spec compliance + - Add any fields or sections required by Anthropic's repo format + +4. **Submit PRs** + - One PR per skill (easier to review) + - Clear PR descriptions explaining the skill's purpose and testing + - Be responsive to review feedback + - Do not submit all at once; space them out + +5. **Follow up** + - If PRs are not reviewed within 2 weeks, politely follow up + - Incorporate any requested changes quickly + - Once initial skills are accepted, propose a larger batch + +--- + +## Success Criteria + +| Milestone | Target | Status | +|-----------|--------|--------| +| All 611 skills pass spec validation | Phase 1 | [ ] | +| Listed on agentskill.sh | Phase 2 | [ ] | +| Listed on skills.sh | Phase 2 | [ ] | +| Discussion opened on agentskills/agentskills | Phase 3 | [ ] | +| Positive response from agentskills community | Phase 3 | [ ] | +| Posted in Anthropic developer community | Phase 4 | [ ] | +| Response from Anthropic team member | Phase 4 | [ ] | +| First skill accepted into anthropics/skills | Phase 5 | [ ] | +| 3+ skills accepted into anthropics/skills | Phase 5 | [ ] | +| Official mention or promotion by Anthropic | Phase 5 | [ ] | + +--- + +## Timeline Summary + +| Phase | Description | Estimated Duration | Prerequisites | +|-------|-------------|-------------------|---------------| +| 1 | Spec compliance verification | 1-2 weeks | None | +| 2 | Directory submissions | 1 week | Phase 1 | +| 3 | agentskills.io community engagement | 2-4 weeks | Phase 2 | +| 4 | Anthropic developer relations | 2-4 weeks | Phase 3 + traction | +| 5 | Submit to anthropics/skills | 2-4 weeks | Phase 4 | + +Total estimated timeline: 2-3 months from start to first accepted skill in Anthropic's repo. diff --git a/launch/video-scripts.md b/launch/video-scripts.md new file mode 100644 index 00000000..b7e6d5a5 --- /dev/null +++ b/launch/video-scripts.md @@ -0,0 +1,322 @@ +# Demo Video Scripts + +Scripts for 3 launch demo videos. Each video targets a specific audience and goal. + +--- + +## Video 1: Install & Demo -- Cybersecurity Skills for Claude Code + +**Duration:** 3-5 minutes +**Target audience:** AI agent users, developers, security practitioners +**Goal:** Show installation and immediate value + +### Title Card +``` +Anthropic-Cybersecurity-Skills +611+ Cybersecurity Skills for AI Agents +github.com/mukul975/Anthropic-Cybersecurity-Skills +``` + +### Narration Script + +**[0:00-0:15] Opening** + +"What if your AI coding agent actually understood cybersecurity? Not just generic advice, but real, structured security skills it can follow step by step. That's exactly what Anthropic-Cybersecurity-Skills gives you. Let me show you." + +**[0:15-0:45] What it is** + +"Anthropic-Cybersecurity-Skills is an open-source library of over 611 cybersecurity skills built on the agentskills.io standard. Each skill is a structured SKILL.md file that any compatible AI agent can install and use. It covers threat detection, incident response, penetration testing, digital forensics, cloud security, network security, and more." + +**[0:45-1:30] Installation** + +"Let me show you how to install it. I'll open my terminal and clone the repository." + +[Screen: terminal showing git clone] + +"Now I'll tell Claude Code to use these skills. I add the skills directory to my project configuration." + +[Screen: showing .claude/skills or equivalent configuration] + +"That's it. The agent now has access to 611 cybersecurity skills." + +**[1:30-3:00] Live Demo** + +"Let's test it. I'll ask Claude to help me analyze a suspicious log file." + +[Screen: Claude Code using a threat detection skill to analyze logs] + +"Notice how the agent follows a structured methodology -- it's not guessing. It's following the skill's defined steps: identify indicators, correlate events, assess severity, and recommend response actions." + +[Screen: showing the skill output with structured analysis] + +"Let me try another one. I'll ask it to help with an incident response triage." + +[Screen: Claude using an IR skill] + +"Again, structured output following a defined methodology. This is the difference between an AI that gives generic security advice and one that follows professional security workflows." + +**[3:00-3:30] Closing** + +"All 611 skills are open source, free to use, and ready for you to install right now. Check out the repo at the link below, star it if you find it useful, and try installing skills into your own AI agent. Link in the description." + +[Screen: GitHub repo page with star button highlighted] + +### Screen Recording Checklist +- [ ] Clean terminal with readable font size (16pt+) +- [ ] Repo already cloned for speed (or show quick clone) +- [ ] Pre-staged log file for the threat detection demo +- [ ] Claude Code open and ready +- [ ] Screen resolution: 1920x1080 +- [ ] Dark theme for terminal visibility +- [ ] Zoom in on key moments (skill output, structured results) +- [ ] No personal information visible on screen +- [ ] Test full flow end-to-end before recording + +### YouTube Metadata + +**Title:** Install 611 Cybersecurity Skills for Claude Code in 2 Minutes | AI Agent Security + +**Description:** +``` +Install 611+ cybersecurity skills for your AI coding agent. Works with Claude Code, +GitHub Copilot, Cursor, and 20+ platforms. + +Get the skills: https://github.com/mukul975/Anthropic-Cybersecurity-Skills + +Skills cover: +- Threat detection & hunting +- Incident response +- Penetration testing +- Digital forensics +- Cloud security (AWS, Azure, GCP) +- Network security +- Malware analysis +- And more + +Built on the agentskills.io open standard. + +#cybersecurity #aiagents #claudecode #security #hacking #infosec +``` + +**Tags:** cybersecurity, AI agents, Claude Code, security skills, threat detection, incident response, penetration testing, agentskills, open source, infosec, AI security, GitHub Copilot, Cursor, security automation + +--- + +## Video 2: AI Agent vs. Real Security Task -- Testing Threat Hunting Skills + +**Duration:** 5-8 minutes +**Target audience:** Security professionals, SOC analysts, threat hunters +**Goal:** Demonstrate real-world applicability and depth + +### Title Card +``` +AI Agent vs. Real Security Task +Testing Threat Hunting Skills +Anthropic-Cybersecurity-Skills +``` + +### Narration Script + +**[0:00-0:30] Opening** + +"Can an AI agent actually help with real threat hunting? Not toy examples, but actual security analysis work? I installed 611 cybersecurity skills into Claude Code and I'm going to put it to the test with a realistic threat hunting scenario." + +**[0:30-1:30] Setup** + +"Here's the scenario. We have a set of network logs and system events from what looks like a compromised environment. There are signs of lateral movement, possible data exfiltration, and some suspicious process execution. Let's see how the AI agent handles this with the cybersecurity skills installed." + +[Screen: showing sample log data] + +"I have the Anthropic-Cybersecurity-Skills library installed. The agent has access to threat detection skills, network analysis skills, and incident response skills. Let's go." + +**[1:30-4:00] Threat Hunting Walkthrough** + +"First, I'll ask the agent to perform initial threat hunting on these logs." + +[Screen: Claude analyzing logs using threat hunting skill] + +"Look at this. The agent is following a structured methodology from the threat hunting skill. It starts with hypothesis generation based on the available data, then moves to indicator identification." + +[Screen: showing structured output with IOCs identified] + +"It's found several indicators of compromise: unusual outbound connections, encoded PowerShell commands, and registry modifications consistent with persistence mechanisms. Let's dig deeper." + +[Screen: asking Claude to investigate lateral movement indicators] + +"Now it's correlating events across multiple log sources, mapping to MITRE ATT&CK techniques. T1059 Command and Scripting Interpreter, T1547 Boot or Logon Autostart Execution, T1071 Application Layer Protocol for the C2 channel." + +[Screen: showing ATT&CK mapping output] + +**[4:00-5:30] Analysis Quality** + +"What makes this useful isn't just that it found things -- any grep command could find suspicious strings. The value is in the structured analysis. The skill guides the agent through a repeatable methodology: collect, correlate, hypothesize, validate, and document." + +"Compare this to asking a generic AI the same question without these skills. You'd get a wall of text with generic advice. With the skills installed, you get structured, actionable output that follows professional security workflows." + +**[5:30-6:30] Closing** + +"This is one scenario across one set of skills. The library has 611 skills covering 12 cybersecurity subdomains. Threat detection, incident response, pentesting, forensics, cloud security, and more." + +"If you're a security professional who uses AI tools, these skills make your agent significantly more capable. Link to the repo in the description. Star it, try it, and let me know what you think." + +### Screen Recording Checklist +- [ ] Prepare realistic (but safe) log samples in advance +- [ ] Pre-test the full scenario to ensure compelling output +- [ ] Have ATT&CK framework reference ready for cross-checking +- [ ] Screen resolution: 1920x1080, dark theme +- [ ] Record agent output in real-time (no speedup on analysis sections) +- [ ] Highlight key findings with cursor or annotations +- [ ] Prepare fallback if agent output differs from expected + +### YouTube Metadata + +**Title:** AI Agent Threat Hunting Test: Can Claude Code Analyze Real Security Logs? + +**Description:** +``` +Testing whether an AI agent with 611 cybersecurity skills can perform real threat hunting. +Using Claude Code with Anthropic-Cybersecurity-Skills installed. + +Get the skills: https://github.com/mukul975/Anthropic-Cybersecurity-Skills + +In this video: +- Realistic threat hunting scenario with network and system logs +- AI agent following structured threat detection methodology +- IOC identification and correlation +- MITRE ATT&CK technique mapping +- Comparison with vs without cybersecurity skills installed + +#threathunting #cybersecurity #aiagents #soc #infosec #mitreattack +``` + +**Tags:** threat hunting, cybersecurity, AI agents, SOC analyst, Claude Code, MITRE ATT&CK, incident response, log analysis, IOC, threat detection, security automation, AI security + +--- + +## Video 3: Contributing Your First Cybersecurity Skill (SKILL.md Tutorial) + +**Duration:** 5-7 minutes +**Target audience:** Open-source contributors, security practitioners wanting to contribute +**Goal:** Lower the barrier to contribution, grow the community + +### Title Card +``` +Contributing Your First Cybersecurity Skill +A SKILL.md Tutorial +Anthropic-Cybersecurity-Skills +``` + +### Narration Script + +**[0:00-0:30] Opening** + +"Want to contribute a cybersecurity skill that AI agents around the world can use? In the next few minutes, I'll walk you through writing your first SKILL.md file and submitting it to the Anthropic-Cybersecurity-Skills project. It's easier than you think." + +**[0:30-1:30] Understanding the Format** + +"Every skill in this project is a single file called SKILL.md. It follows the agentskills.io standard, which means any compatible AI agent can read and use it. Let me show you the structure." + +[Screen: open an existing SKILL.md file] + +"The file has YAML frontmatter at the top with metadata -- the skill name, description, version, tags, and category. Then the body contains the actual skill content in Markdown: an overview, step-by-step methodology, tools and commands, and expected outputs." + +[Screen: highlighting each section] + +"Think of it as writing a structured playbook that an AI agent will follow. You're encoding your security expertise into a format that machines can use." + +**[1:30-3:30] Writing a Skill** + +"Let's write one from scratch. I'll create a skill for analyzing suspicious email headers -- a common security task." + +[Screen: create new directory and SKILL.md file] + +"First, the frontmatter. I'll set the name, description, category, and tags." + +[Screen: typing YAML frontmatter] + +"Now the body. I start with an overview explaining what this skill does and when to use it. Then I write the step-by-step methodology." + +[Screen: typing the skill body] + +"Step 1: Extract and parse email headers. Step 2: Analyze the Received chain for anomalies. Step 3: Check SPF, DKIM, and DMARC results. Step 4: Investigate sender reputation. Step 5: Document findings and recommend action." + +"For each step, I include the specific commands, tools, or techniques the AI agent should use. The more concrete and actionable, the better the skill works." + +[Screen: completing the skill with tools and expected outputs] + +**[3:30-5:00] Submitting a PR** + +"Now let's submit this as a contribution. I'll fork the repo, create a branch, add my skill, and open a pull request." + +[Screen: git workflow] + +"Fork the repo. Create a branch named for your skill. Add your SKILL.md file in the correct subdomain directory. Commit with a clear message." + +[Screen: showing PR creation on GitHub] + +"In the PR description, explain what your skill does and why it's useful. The maintainers will review it and provide feedback." + +**[5:00-5:45] Tips and Closing** + +"A few tips for writing great skills. First, be specific -- vague instructions produce vague results. Second, include real tool names and commands when applicable. Third, structure your steps in a logical order that a security professional would follow. Fourth, test it by actually asking an AI agent to use your skill before you submit." + +"The project has over 611 skills already, but there's always room for more. Check the issues tab for skill requests, or contribute something from your own expertise. Every contribution helps make AI agents better at cybersecurity. Link in the description." + +### Screen Recording Checklist +- [ ] Have an existing SKILL.md open as reference +- [ ] Pre-plan the example skill (email header analysis) but type live +- [ ] Show the git fork/branch/PR workflow step by step +- [ ] Use GitHub web UI for the PR creation (more visual) +- [ ] Screen resolution: 1920x1080 +- [ ] Split screen: editor on left, preview on right (if possible) +- [ ] Show CONTRIBUTING.md guidelines briefly +- [ ] Test the finished skill with an AI agent as a bonus segment + +### YouTube Metadata + +**Title:** Write Your First AI Cybersecurity Skill in 5 Minutes | SKILL.md Tutorial + +**Description:** +``` +Step-by-step tutorial for contributing a cybersecurity skill to the +Anthropic-Cybersecurity-Skills open-source project. + +Get started: https://github.com/mukul975/Anthropic-Cybersecurity-Skills + +In this video: +- Understanding the SKILL.md format (agentskills.io standard) +- Writing a skill from scratch (email header analysis example) +- Submitting your contribution via GitHub PR +- Tips for writing effective security skills + +No prior open-source contribution experience needed. + +#opensource #cybersecurity #tutorial #aiagents #contributing #github +``` + +**Tags:** open source contribution, SKILL.md, agentskills, cybersecurity, tutorial, GitHub, pull request, AI agents, security skills, Claude Code, how to contribute, beginner friendly + +--- + +## Production Notes + +### Recording Setup +- **Screen recording:** OBS Studio (free) or ScreenFlow (Mac) +- **Audio:** External USB microphone recommended; record in quiet room +- **Resolution:** 1920x1080 minimum, 4K preferred +- **Frame rate:** 30fps for screen recordings +- **Format:** MP4 (H.264) for upload + +### Editing Checklist +- [ ] Add title cards at beginning and end +- [ ] Add subscribe/star callout overlays +- [ ] Speed up typing sections (1.5-2x) to maintain pacing +- [ ] Add chapter markers for YouTube +- [ ] Add captions/subtitles (YouTube auto-captions + manual review) +- [ ] Include repo link as pinned comment + +### Thumbnail Design +- High contrast text on dark background +- Include "611 Skills" or key number +- Show terminal/code screenshot in background +- Use consistent branding across all 3 videos