Remove unnecessary files - keep only skills, docs, and repo config

mukul975
2026-02-25 11:14:56 +01:00
parent e6471dff99
commit f0b3f50a99
17 changed files with 0 additions and 1983 deletions
-10
@@ -1,10 +0,0 @@
# Authors and Contributors
## Maintainer
- **mukul975** — Creator and primary maintainer
## Contributors
<!-- Contributors will be added here as they join the project -->
## How to Become a Contributor
See [CONTRIBUTING.md](CONTRIBUTING.md) for how to add skills and get listed here.
-13
@@ -1,13 +0,0 @@
# Assets
This directory contains repository assets:
- `banner.png` — Repository social banner (1280×640px)
- `demo.gif` or `demo.svg` — Terminal demo animation
## Creating the Banner
Recommended: Use [Socialify](https://socialify.git.ci/mukul975/Anthropic-Cybersecurity-Skills) to generate a professional banner.
## Creating the Demo
Record with asciinema: `asciinema rec demo.cast`
Export as SVG: `svg-term --cast demo.cast --out demo.svg --window`
-129
View File
@@ -1,129 +0,0 @@
# Agent Compatibility Benchmarks
Tests run against real AI agents to verify skill discovery and execution.
## Test Matrix
| AI Agent | Discovery | Execution | Score |
|----------|-----------|-----------|-------|
| Claude Code | Passed | Passed | 100% |
| GitHub Copilot | Passed | Testing | TBD |
| OpenAI Codex CLI | Testing | Testing | TBD |
| Cursor | Passed | Testing | TBD |
| Gemini CLI | Testing | Testing | TBD |
## What We Test
### Discovery Tests
Verify the agent can find and parse skills from this repository:
1. **Index parsing** -- Agent reads `index.json` and understands the skill catalog
2. **Frontmatter parsing** -- Agent reads SKILL.md YAML frontmatter correctly
3. **Subdomain filtering** -- Agent filters skills by subdomain (e.g., "show me all threat-hunting skills")
4. **Tag-based search** -- Agent finds skills by tag (e.g., "mitre-attack", "owasp")
5. **Framework lookup** -- Agent maps a framework reference (e.g., "T1566") to relevant skills
6. **Natural language query** -- Agent understands "How do I analyze phishing emails?" and returns relevant skills
### Execution Tests
Verify the agent can use skill content to perform tasks:
1. **Procedure following** -- Agent reads the skill steps and executes them in order
2. **Tool invocation** -- Agent installs/uses tools referenced in the skill (e.g., Volatility, Wireshark)
3. **Script execution** -- Agent runs scripts from the `scripts/` directory where available
4. **Template usage** -- Agent fills in templates from the `assets/` directory with real data
5. **Reference consultation** -- Agent reads `references/` for standards and applies them
6. **Multi-skill chaining** -- Agent combines multiple skills for complex workflows (e.g., forensic acquisition followed by analysis)
## Scoring Methodology
Each test category is scored on a 0-100 scale:
| Score | Meaning |
|-------|---------|
| 0-25 | Agent cannot perform the task |
| 26-50 | Agent partially performs the task with significant errors |
| 51-75 | Agent performs the task with minor issues |
| 76-100 | Agent performs the task correctly and completely |
The overall score is the average of Discovery and Execution scores.
## How to Run Benchmarks
### Prerequisites
- Access to the AI agent being tested
- This repository cloned locally or accessible to the agent
- Python 3.10+ for the test harness
### Running Discovery Tests
```bash
# Point the agent at the repository and ask it to find skills
# Record pass/fail for each discovery test category
# Example prompts to test:
# 1. "List all skills in the threat-hunting subdomain"
# 2. "Find skills tagged with mitre-attack"
# 3. "What skills help with T1566 Phishing?"
# 4. "How many skills are in this repository?"
# 5. "Show me the skill for analyzing memory dumps with Volatility"
```
### Running Execution Tests
```bash
# Point the agent at a specific skill and ask it to execute the procedure
# Record pass/fail for each execution test category
# Example prompts to test:
# 1. "Follow the steps in analyzing-phishing-email-headers/SKILL.md"
# 2. "Run the script in analyzing-security-logs-with-splunk/scripts/"
# 3. "Fill in the template for incident-response using the provided assets"
# 4. "Analyze this PCAP file using the analyzing-network-traffic-with-wireshark skill"
```
### Recording Results
Results should be recorded in the following format:
```json
{
"agent": "Claude Code",
"version": "1.0",
"date": "2026-02-25",
"discovery": {
"index_parsing": 100,
"frontmatter_parsing": 100,
"subdomain_filtering": 100,
"tag_search": 100,
"framework_lookup": 100,
"natural_language": 95
},
"execution": {
"procedure_following": 100,
"tool_invocation": 95,
"script_execution": 100,
"template_usage": 100,
"reference_consultation": 100,
"multi_skill_chaining": 95
},
"overall_score": 99
}
```
## Benchmark History
| Date | Agent | Score | Notes |
|------|-------|-------|-------|
| 2026-02-25 | Claude Code | 100% | Full discovery and execution capability |
## Contributing Benchmarks
To add benchmark results for a new agent:
1. Run both discovery and execution test suites
2. Record results in JSON format
3. Add a summary row to the test matrix above
4. Submit a pull request with the results and any agent-specific notes
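Review bot: The scores in this removed file contradict each other, so any place that still quotes them (README badge, docs) should be cleaned up with this deletion. The Test Matrix and Benchmark History rows give Claude Code 100%, while the sample record under "Recording Results" has three sub-scores of 95 and an `overall_score` of 99. The two "How to Run" bash blocks contain only commented prompts, and the "Python 3.10+ for the test harness" prerequisite refers to a harness that no step invokes, so the "Passed" cells are not reproducible from what is written here. If benchmarks come back later, Execution Tests 2 and 3 (agent installs tools, agent runs files from `scripts/`) should state that they run in an isolated environment, since they execute repository content on the tester's machine.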
-238
View File
@@ -1,238 +0,0 @@
# Anthropic Partnership Pathway
Step-by-step guide to building a formal relationship with Anthropic and the broader agentskills.io ecosystem. The goal is official recognition of Anthropic-Cybersecurity-Skills as a reference implementation for cybersecurity agent skills.
---
## Phase 1: Spec Compliance Verification
**Timeline:** Before any outreach
**Goal:** Ensure every skill in the repo fully conforms to the agentskills.io specification
### Steps
1. **Review the agentskills.io specification**
- Read the full spec at https://agentskills.io
- Document every required and optional field in SKILL.md frontmatter
- Document body structure requirements
2. **Audit all 611 skills for compliance**
- Run automated validation against the spec
- Check YAML frontmatter fields: name, description, version, tags, category
- Verify body sections follow the expected structure
- Fix any non-compliant skills
3. **Create a validation script**
- Build a CI check that validates all SKILL.md files against the spec
- Add it to GitHub Actions so future PRs are automatically validated
- Document the validation process in CONTRIBUTING.md
4. **Self-certify compliance**
- Add a badge or note in README: "agentskills.io compliant"
- Reference the spec version you comply with
---
## Phase 2: Skill Directory Submissions
**Timeline:** After Phase 1 is complete
**Goal:** Get listed on official and community skill directories
### Target Directories
#### agentskill.sh
- **URL:** https://agentskill.sh
- **Action:** Submit the repo for listing as a cybersecurity skill collection
- **What to include:** Repo URL, skill count, subdomain coverage, compatibility list
- **Status:** [ ] Submitted [ ] Listed
#### SkillsMP (Skills Marketplace)
- **URL:** Check for current URL and submission process
- **Action:** Submit individual high-quality skills or the full collection
- **What to include:** Featured skills with descriptions, install instructions
- **Status:** [ ] Submitted [ ] Listed
#### skills.sh
- **URL:** https://skills.sh
- **Action:** Register the project and submit for directory listing
- **What to include:** Repo URL, category (cybersecurity), compatibility info
- **Status:** [ ] Submitted [ ] Listed
### Submission Template
```
Project: Anthropic-Cybersecurity-Skills
URL: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Skills: 611+
Category: Cybersecurity
Subdomains: Threat detection, incident response, penetration testing,
digital forensics, cloud security, network security, malware analysis,
application security, identity & access management, compliance,
security operations, cryptography
Standard: agentskills.io (SKILL.md format)
License: MIT
Compatibility: Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor,
Windsurf, and 20+ AI platforms
```
---
## Phase 3: Engage the agentskills.io Community
**Timeline:** After directory submissions
**Goal:** Become a recognized contributor to the agentskills.io ecosystem
### Steps
1. **Open a discussion on agentskills/agentskills**
- Repository: https://github.com/agentskills/agentskills (verify current URL)
- Type: Discussion (not Issue)
- Title: "Cybersecurity domain skills: 611+ skills available for community use"
- Body: Introduce the project, explain the scope, invite feedback on skill quality and spec compliance
- Tone: Collaborative, not promotional
2. **Discussion body template:**
```markdown
## Cybersecurity Skills Collection
We've built a collection of 611+ cybersecurity skills following the
agentskills.io standard. The skills cover 12 subdomains including threat
detection, incident response, penetration testing, digital forensics,
and cloud security.
**Repo:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
We'd love feedback from the community on:
- Spec compliance -- are we following the standard correctly?
- Skill quality -- are the methodologies accurate and useful?
- Missing coverage -- what cybersecurity skills should we add?
Happy to contribute these to the ecosystem in whatever way is most useful.
```
3. **Respond to feedback promptly**
- Fix any spec compliance issues raised
- Incorporate quality suggestions
- Be responsive and collaborative
4. **Offer to help with the spec itself**
- If there are open issues on the agentskills spec repo, contribute fixes
- Propose cybersecurity-specific extensions if they would help the standard
---
## Phase 4: Engage Anthropic Developer Relations
**Timeline:** After community engagement shows traction (100+ stars, directory listings)
**Goal:** Get on Anthropic's radar for potential partnership or promotion
### Steps
1. **Identify contacts**
- Anthropic Developer Relations team
- Anthropic community forums and Discord
- Anthropic blog / social media team
- Claude Code product team
2. **Initial outreach**
- Post in Anthropic's developer community (forum/Discord) about the project
- Share how it enhances Claude Code's cybersecurity capabilities
- Frame it as: "Here's what we built to make Claude better at security"
3. **Outreach message template:**
```
Hi Anthropic team,
We've built Anthropic-Cybersecurity-Skills, an open-source library of
611+ cybersecurity skills for AI agents following the agentskills.io
standard. It's designed to make Claude Code significantly more capable
at security tasks -- threat detection, incident response, pentesting,
forensics, and more.
The project is MIT licensed, has [X] stars, and is listed on [directories].
We'd love to discuss how this could be useful to the Claude ecosystem,
whether through official promotion, integration, or collaboration.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
4. **Provide value first**
- File bug reports on Claude Code's security capabilities
- Write blog posts about using Claude Code for security tasks
- Create tutorials that showcase Claude + cybersecurity skills
- Be a visible, helpful member of the Anthropic community
---
## Phase 5: Submit Skills to anthropics/skills
**Timeline:** After Anthropic engagement
**Goal:** Get skills accepted into Anthropic's official skills repository
### Steps
1. **Identify the target repo**
- Check https://github.com/anthropics/skills (or current equivalent)
- Read their CONTRIBUTING.md and submission requirements
- Understand their quality bar and review process
2. **Select 3-5 best skills for initial submission**
- Choose skills that are:
- Highest quality and most thoroughly tested
- Broadly useful (not niche edge cases)
- Well-structured and clearly written
- Demonstrably effective when used by Claude
- Recommended initial submissions:
1. A threat detection / log analysis skill (most broadly useful)
2. An incident response triage skill (high demand)
3. A cloud security assessment skill (relevant to many users)
4. A vulnerability analysis skill (practical and demonstrable)
5. A security code review skill (directly relevant to coding agents)
3. **Polish selected skills**
- Review each skill line by line for clarity and accuracy
- Test each skill with Claude Code to verify it produces good results
- Ensure perfect spec compliance
- Add any fields or sections required by Anthropic's repo format
4. **Submit PRs**
- One PR per skill (easier to review)
- Clear PR descriptions explaining the skill's purpose and testing
- Be responsive to review feedback
- Do not submit all at once; space them out
5. **Follow up**
- If PRs are not reviewed within 2 weeks, politely follow up
- Incorporate any requested changes quickly
- Once initial skills are accepted, propose a larger batch
---
## Success Criteria
| Milestone | Target | Status |
|-----------|--------|--------|
| All 611 skills pass spec validation | Phase 1 | [ ] |
| Listed on agentskill.sh | Phase 2 | [ ] |
| Listed on skills.sh | Phase 2 | [ ] |
| Discussion opened on agentskills/agentskills | Phase 3 | [ ] |
| Positive response from agentskills community | Phase 3 | [ ] |
| Posted in Anthropic developer community | Phase 4 | [ ] |
| Response from Anthropic team member | Phase 4 | [ ] |
| First skill accepted into anthropics/skills | Phase 5 | [ ] |
| 3+ skills accepted into anthropics/skills | Phase 5 | [ ] |
| Official mention or promotion by Anthropic | Phase 5 | [ ] |
---
## Timeline Summary
| Phase | Description | Estimated Duration | Prerequisites |
|-------|-------------|-------------------|---------------|
| 1 | Spec compliance verification | 1-2 weeks | None |
| 2 | Directory submissions | 1 week | Phase 1 |
| 3 | agentskills.io community engagement | 2-4 weeks | Phase 2 |
| 4 | Anthropic developer relations | 2-4 weeks | Phase 3 + traction |
| 5 | Submit to anthropics/skills | 2-4 weeks | Phase 4 |
Total estimated timeline: 2-3 months from start to first accepted skill in Anthropic's repo.
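Review bot: Phase 1, step 3 ("Build a CI check that validates all SKILL.md files against the spec") is an engineering control rather than outreach planning, and deleting this file removes the only visible record of it; suggest moving that item to an issue or to CONTRIBUTING.md before dropping the rest. The field list on the "Check YAML frontmatter fields" line (name, description, version, tags, category) also does not match the example frontmatter in the blog draft removed later in this commit, which carries `domain` and `subdomain` and no `category`, so the required set needs to be settled before a validator is written. The commit message gives no reason for the removal; one line saying these were internal planning notes would help anyone reading the history.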
-206
View File
@@ -1,206 +0,0 @@
# Awesome List Submission Guide
Structured guide for submitting Anthropic-Cybersecurity-Skills to relevant awesome lists on GitHub. Each entry includes the target repo, PR template, and submission notes.
---
## Priority Order
### 1. awesome-cybersecurity-agentic-ai (raphabot) -- HIGHEST PRIORITY
- **Repo:** https://github.com/raphabot/awesome-cybersecurity-agentic-ai
- **Section:** Skills / Knowledge Bases (or most relevant section)
- **Why highest priority:** Exact domain overlap -- cybersecurity + AI agents
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills to Skills/Knowledge Bases
```
**PR Body:**
```markdown
Adding the first comprehensive cybersecurity skills database for AI agents.
611+ skills following the agentskills.io open standard, compatible with
Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, and 20+ platforms.
**[Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills)** — 611+ cybersecurity skills for AI agents following the agentskills.io open standard. Covers threat detection, incident response, penetration testing, digital forensics, cloud security, and more.
```
**Suggested list entry:**
```markdown
- [Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — 611+ cybersecurity skills for AI agents following the agentskills.io open standard. Covers threat detection, incident response, penetration testing, digital forensics, cloud security, and more.
```
**Pre-submission checklist:**
- [ ] Read CONTRIBUTING.md in the target repo
- [ ] Verify the list entry matches their formatting conventions
- [ ] Ensure alphabetical ordering if required
- [ ] Star the awesome list repo before submitting
---
### 2. awesome-ai-security (TalEliyahu)
- **Repo:** https://github.com/TalEliyahu/awesome-ai-security
- **Section:** Tools / Resources (or AI Security Tools)
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — 611+ cybersecurity skills for AI agents
```
**PR Body:**
```markdown
## What is this?
A comprehensive cybersecurity skills database designed for AI coding agents. Contains 611+ skills covering the full cybersecurity domain: threat detection, incident response, penetration testing, digital forensics, cloud security, network security, malware analysis, and more.
## Why it fits this list
- AI agents using these skills can perform real security analysis tasks
- Follows the agentskills.io open standard (SKILL.md format)
- Compatible with Claude Code, GitHub Copilot, Cursor, Windsurf, and 20+ AI platforms
- Open source under MIT license
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
**Suggested list entry:**
```markdown
- [Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — 611+ cybersecurity skills for AI coding agents. Covers threat detection, incident response, penetration testing, forensics, cloud security. agentskills.io standard.
```
---
### 3. awesome-security (sindresorhus ecosystem)
- **Repo:** https://github.com/sbilly/awesome-security
- **Section:** Other / Tools / AI-Assisted Security
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — cybersecurity skill library for AI agents
```
**PR Body:**
```markdown
Adding a cybersecurity skills database that enables AI coding agents to perform security tasks.
- 611+ structured skills across 12 cybersecurity subdomains
- Threat detection, incident response, penetration testing, digital forensics, cloud security, and more
- Follows the agentskills.io open standard (SKILL.md format)
- Compatible with Claude Code, GitHub Copilot, Cursor, and 20+ AI platforms
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
**Suggested list entry:**
```markdown
- [Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills) — 611+ cybersecurity skills for AI agents covering threat detection, IR, pentesting, forensics, and cloud security.
```
---
### 4. awesome-pentest
- **Repo:** https://github.com/enaqx/awesome-pentest
- **Section:** Tools / AI-Assisted / Knowledge Bases
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — AI agent pentesting skills library
```
**PR Body:**
```markdown
A library of 611+ cybersecurity skills structured for AI coding agents. Includes dedicated penetration testing skills covering:
- Network penetration testing
- Web application security testing
- Wireless security assessment
- Social engineering simulation
- Red team operations
- Exploit development methodology
Skills follow the agentskills.io open standard and work with Claude Code, GitHub Copilot, Cursor, and 20+ platforms.
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
---
### 5. awesome-incident-response
- **Repo:** https://github.com/meirwah/awesome-incident-response
- **Section:** Tools / Knowledge Bases / AI-Assisted
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — AI-powered incident response skill library
```
**PR Body:**
```markdown
A structured skill library enabling AI agents to assist with incident response workflows. Includes skills for:
- Incident triage and classification
- Log analysis and correlation
- Forensic evidence collection
- Malware analysis and containment
- Post-incident reporting
- Threat hunting and detection
611+ skills total, with dedicated incident response coverage. agentskills.io open standard, compatible with Claude Code, Copilot, Cursor, and 20+ AI platforms.
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
---
### 6. awesome-threat-intelligence
- **Repo:** https://github.com/hslatman/awesome-threat-intelligence
- **Section:** Tools / Resources / AI-Assisted
**PR Title:**
```
Add Anthropic-Cybersecurity-Skills — threat intelligence skills for AI agents
```
**PR Body:**
```markdown
A skill library enabling AI agents to assist with threat intelligence tasks. Includes skills covering:
- OSINT collection and analysis
- Threat actor profiling
- IOC extraction and enrichment
- MITRE ATT&CK mapping
- Threat landscape assessment
- Intelligence report generation
Part of a 611+ skill library following the agentskills.io open standard. Compatible with Claude Code, GitHub Copilot, Cursor, and 20+ AI platforms.
**Link:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
```
---
## General Submission Process
1. **Fork** the target awesome list repository
2. **Read** their CONTRIBUTING.md and follow formatting rules exactly
3. **Add** the entry in the correct section, respecting alphabetical order
4. **Create PR** using the templates above, adjusting as needed
5. **Be patient** -- maintainers are volunteers; follow up politely after 2 weeks if no response
6. **Do not** submit to all lists on the same day; space submissions 2-3 days apart to avoid appearing spammy
## Tracking
| List | Submitted | PR Link | Status | Notes |
|------|-----------|---------|--------|-------|
| awesome-cybersecurity-agentic-ai | | | Pending | Highest priority |
| awesome-ai-security | | | Pending | |
| awesome-security | | | Pending | |
| awesome-pentest | | | Pending | |
| awesome-incident-response | | | Pending | |
| awesome-threat-intelligence | | | Pending | |
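Review bot: Several statements in these PR templates disagree with other files in the same commit, so it is worth confirming that none of this text was already submitted upstream (the Tracking table shows every row as Pending with no PR link). Entry 3 is headed "awesome-security (sindresorhus ecosystem)" but its Repo line points to `sbilly/awesome-security`. The awesome-security PR body says "12 cybersecurity subdomains" while the blog draft's taxonomy heading says 24. The "Compatible with ... 20+ AI platforms" line is not backed by the benchmark matrix removed above, where only Claude Code has Passed in both columns. If any of this wording survives in the README, it should be aligned with what has been tested.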
-127
View File
@@ -1,127 +0,0 @@
# Conference CFP Tracker
Track Call for Papers (CFP) deadlines and submission status for presenting Anthropic-Cybersecurity-Skills at security and AI conferences.
---
## Priority Target: Black Hat Arsenal
- **Event:** Black Hat USA 2026 Arsenal
- **Location:** Las Vegas, NV
- **Dates:** August 2026 (typically first week)
- **Deadline:** ~April 2026 (Arsenal CFP opens spring 2026)
- **Type:** Open-source tool showcase (Arsenal, not Briefings)
- **Requirements:**
- Working demo of the tool/project
- Open-source and publicly available
- Security-focused
- Live demonstration capability
- **Action Items:**
- [ ] Monitor https://www.blackhat.com/us-26/arsenal.html for CFP opening
- [ ] Prepare 2-minute elevator pitch
- [ ] Build live demo showing AI agent using skills for a security task
- [ ] Record backup demo video in case of technical issues
- [ ] Prepare poster/handout with QR code to repo
---
## All Conferences
| Conference | Type | Location | Estimated Dates | CFP Deadline | Submission Type | Status |
|-----------|------|----------|----------------|--------------|-----------------|--------|
| **Black Hat USA Arsenal** | Tool Demo | Las Vegas, NV | Aug 2026 | ~Apr 2026 | Arsenal submission | Monitoring |
| **DEF CON Demo Labs** | Tool Demo | Las Vegas, NV | Aug 2026 | ~May 2026 | Demo application | Monitoring |
| **BSides Las Vegas** | Talk/Workshop | Las Vegas, NV | Aug 2026 | ~Apr 2026 | CFP talk/workshop | Monitoring |
| **RSA Conference** | Talk/Expo | San Francisco, CA | Apr 2027 | ~Oct 2026 | Innovation Sandbox / talk | Future |
| **SANS Summits** | Talk | Various | Rolling | Rolling | Speaker application | Eligible |
| **ShmooCon** | Talk | Washington, DC | Jan 2027 | ~Oct 2026 | CFP talk | Future |
| **GrrCon** | Talk | Grand Rapids, MI | Oct 2026 | ~Jun 2026 | CFP talk | Monitoring |
| **DerbyCon / Louisville** | Talk | Louisville, KY | TBD | TBD | CFP talk | Check status |
| **Wild West Hackin' Fest** | Talk | Deadwood, SD | Oct 2026 | ~Jul 2026 | CFP talk | Monitoring |
| **Hack In The Box** | Talk | Various | Various | Various | CFP talk | Monitoring |
| **CanSecWest** | Talk | Vancouver, BC | Mar 2027 | ~Dec 2026 | CFP talk | Future |
| **Offensive Con** | Talk | Berlin, DE | Feb 2027 | ~Sep 2026 | CFP talk | Future |
| **NorthSec** | Talk/Workshop | Montreal, QC | May 2026 | ~Feb 2026 | CFP talk | Check if open |
| **AI Village (DEF CON)** | Talk/Demo | Las Vegas, NV | Aug 2026 | ~May 2026 | CFP talk/demo | Monitoring |
| **OWASP Global AppSec** | Talk | Various | Various | Various | CFP talk | Monitoring |
---
## Talk Abstract (Template)
**Title:** Building 611 Cybersecurity Skills for AI Agents: An Open Standard Approach
**Abstract:**
```
AI coding agents are increasingly used for security tasks, but they lack structured
cybersecurity knowledge. We present Anthropic-Cybersecurity-Skills, the first open-source
library of 611+ cybersecurity skills built on the agentskills.io standard. Each skill
is a self-contained SKILL.md file that any compatible AI agent can install and execute.
We cover the design of the skill format, the taxonomy across 12 cybersecurity subdomains
(threat detection, incident response, penetration testing, digital forensics, cloud
security, network security, malware analysis, and more), and live demonstrations of
AI agents performing real security tasks using these skills.
The project is open source (MIT), compatible with 20+ AI platforms including Claude Code,
GitHub Copilot, and Cursor, and designed for community contribution.
```
**Duration options:** Lightning talk (10 min), Standard talk (25-30 min), Workshop (60-90 min)
---
## Workshop Abstract (Template)
**Title:** Hands-On: Teaching AI Agents Cybersecurity with the agentskills.io Standard
**Abstract:**
```
In this hands-on workshop, attendees will learn how to create, install, and use
cybersecurity skills for AI coding agents. We start with installing existing skills
from the Anthropic-Cybersecurity-Skills library (611+ skills), then progress to
writing custom skills for specific security workflows.
Attendees will leave with:
- A working AI agent setup with cybersecurity skills installed
- Understanding of the SKILL.md format and agentskills.io standard
- A custom skill they authored during the workshop
- Knowledge of how to contribute back to the open-source project
Prerequisites: Laptop with an AI coding agent installed (Claude Code, Cursor, or similar).
```
---
## CFP Monitoring Resources
- **cfptime.org** -- Aggregated CFP deadlines across tech conferences
- **sec-deadlines.github.io** -- Security conference deadlines specifically
- **Twitter/X lists** -- Follow @BlackHatEvents, @defaborea, @BSidesLV, @RSAConference
- **Infosec CFP Calendar** -- https://infosec-conferences.com/cfp/
- **Lanyrd / Sessionize** -- Check for open CFPs
---
## Submission Tracking
| Conference | Submitted Date | Abstract Used | Status | Accepted? | Presentation Date | Notes |
|-----------|---------------|---------------|--------|-----------|-------------------|-------|
| | | | | | | |
---
## Demo Preparation Checklist
For any conference demo or Arsenal submission:
- [ ] Record 2-minute overview video
- [ ] Prepare offline fallback demo (no internet dependency)
- [ ] Create handout with repo QR code, key stats, and contact info
- [ ] Test skill installation flow end-to-end
- [ ] Prepare 3 compelling live demo scenarios:
1. Threat hunting with AI agent using detection skills
2. Incident response workflow guided by IR skills
3. Writing and installing a custom security skill
- [ ] Backup slides in case of demo failure
- [ ] Business cards or contact handouts
-190
View File
@@ -1,190 +0,0 @@
---
title: "How I Built an Open-Source Cybersecurity Skills Database for AI Agents (611+ Skills)"
published: true
tags: cybersecurity, opensource, ai, security
---
# How I Built an Open-Source Cybersecurity Skills Database for AI Agents (611+ Skills)
AI agents are transforming software engineering. Tools like Claude Code, GitHub Copilot, and Cursor can write code, debug issues, and refactor entire codebases. But ask one to analyze a memory dump from a compromised server, triage a SIEM alert, or assess an Active Directory attack path, and you get generic advice that no security practitioner would follow.
I built an open-source database of 611 cybersecurity skills structured for AI agent consumption. This post explains why, how, and what the skills actually look like.
## The Problem: AI Agents Lack Security Expertise
When a security analyst encounters a suspicious process on a compromised Windows host, they don't think in generalities. They immediately:
1. Check the process tree for parent-child anomalies
2. Run `vol3 -f memory.dmp windows.malfind` to detect injected code
3. Extract suspicious memory regions for YARA scanning
4. Cross-reference process network connections with known C2 indicators
5. Check for persistence mechanisms in registry run keys and scheduled tasks
An AI agent without structured security knowledge will tell you to "use a memory forensics tool" and "look for suspicious processes." That gap between generic advice and practitioner-level precision is the problem.
This isn't just about knowledge -- it's about structured, actionable knowledge. AI agents need to know not just WHAT to do, but WHEN to do it, WHICH specific tool to use, and in WHAT order.
## Why Existing Solutions Fail
| Approach | Problem |
|----------|---------|
| Training data (books, blogs) | Unstructured, no activation triggers, no tool-specific commands |
| RAG over documentation | Tool docs explain features, not workflows. No decision trees. |
| Prompt engineering | Doesn't scale. You can't encode 611 skills in a system prompt. |
| Fine-tuning | Expensive, needs retraining for every update, hard to audit |
| Wiki/cheat sheets | No machine-readable metadata, no activation conditions |
| Existing skill standards | Focused on human learning objectives, not agent execution |
What's needed is a format that gives AI agents two things:
1. **Routing information**: When should this skill activate? What keywords, domains, and contexts trigger it?
2. **Execution knowledge**: What exact commands, in what order, with what flags, and what to do when things go wrong?
## What agentskills.io Enables: Progressive Disclosure Architecture
Each skill follows a two-layer architecture that mirrors how human expertise works:
### Layer 1: YAML Frontmatter (The WHEN)
```yaml
---
name: analyzing-memory-dumps-with-volatility
description: >
Analyzes RAM memory dumps from compromised systems using the Volatility
framework to identify malicious processes, injected code, network
connections, loaded modules, and extracted credentials.
domain: cybersecurity
subdomain: malware-analysis
tags: [malware, memory-forensics, Volatility, RAM-analysis, incident-response]
version: 1.0.0
author: mahipal
license: MIT
---
```
This frontmatter is what gets indexed. When a user asks an AI agent to "check this memory dump for malware," the agent matches against the description and tags, identifies this skill as relevant, and loads the full body.
### Layer 2: Markdown Body (The HOW)
The body contains the actual procedure:
- **When to Use / When Not to Use**: Clear activation and exclusion conditions
- **Prerequisites**: Specific tool versions, dependencies, required inputs
- **Step-by-Step Workflow**: Exact commands with flags, expected outputs, decision trees
- **Validation Steps**: How to verify results
- **References**: MITRE ATT&CK techniques, NIST controls, CVE numbers
The progressive disclosure is the key insight: the agent doesn't load 611 full skill bodies into context. It indexes the frontmatter, matches the right skill, and only then loads the detailed procedure.
## Skill Taxonomy: 24 Subdomains, 611 Skills
The database covers the full cybersecurity landscape:
| Subdomain | Skills | Example Skill |
|-----------|--------|---------------|
| Cloud Security | 48 | Auditing AWS S3 Bucket Permissions |
| Threat Intelligence | 43 | Building Threat Feed Aggregation with MISP |
| Web Application Security | 41 | Exploiting Server-Side Request Forgery |
| Threat Hunting | 35 | Hunting for C2 Beaconing with Frequency Analysis |
| Malware Analysis | 34 | Analyzing Memory Dumps with Volatility |
| Digital Forensics | 34 | Performing Timeline Reconstruction with Plaso |
| SOC Operations | 33 | Building Detection Rules with Sigma |
| Network Security | 33 | Configuring Suricata for Network Monitoring |
| Identity & Access Management | 33 | Implementing Privileged Access Management with CyberArk |
| OT/ICS Security | 28 | Detecting Modbus Protocol Anomalies |
| API Security | 28 | Testing API for Broken Object Level Authorization |
| Container Security | 26 | Scanning Container Images with Grype |
| Vulnerability Management | 24 | Prioritizing Vulnerabilities with CVSS Scoring |
| Red Teaming | 24 | Building C2 Infrastructure with Sliver Framework |
| Incident Response | 24 | Conducting Malware Incident Response |
| Penetration Testing | 23 | Performing Active Directory Penetration Test |
| Zero Trust Architecture | 17 | Implementing BeyondCorp Zero Trust Access Model |
| Phishing Defense | 16 | Detecting Business Email Compromise with AI |
| Endpoint Security | 16 | Detecting Fileless Malware Techniques |
| DevSecOps | 16 | Integrating SAST into GitHub Actions Pipeline |
| Cryptography | 13 | Implementing AES Encryption for Data at Rest |
| Mobile Security | 12 | Reverse Engineering Android Malware with JADX |
| Ransomware Defense | 5 | Implementing Ransomware Backup Strategy |
| Compliance & Governance | 5 | Implementing ISO 27001 Information Security Management |
## Quick Demo: How Claude Code Uses a Skill
Here's a realistic interaction showing how an AI agent uses a skill file:
**User prompt:**
> "I have a memory dump from a potentially compromised Windows server. Can you help me analyze it for malware?"
**Without skills:** The agent gives a generic overview of memory forensics concepts and suggests "using Volatility."
**With the skill loaded:** The agent follows the structured workflow:
```bash
# Step 1: Identify the OS profile
vol3 -f memory.dmp windows.info
# Step 2: List all processes and check for anomalies
vol3 -f memory.dmp windows.pslist
vol3 -f memory.dmp windows.pstree
# Step 3: Detect process injection / hollowing
vol3 -f memory.dmp windows.malfind
# Step 4: Check network connections for C2
vol3 -f memory.dmp windows.netscan
# Step 5: Extract suspicious DLLs
vol3 -f memory.dmp windows.dlllist --pid <suspicious_pid>
# Step 6: Scan with YARA rules
vol3 -f memory.dmp yarascan.YaraScan --yara-file malware_rules.yar
# Step 7: Extract credentials if needed
vol3 -f memory.dmp windows.hashdump
```
The agent knows the exact plugin names, the order of operations, what to look for in the output, and how to pivot based on findings. That's the difference between "use Volatility" and actually using Volatility.
## File Structure
Each skill follows a consistent directory structure:
```
skills/{skill-name}/
SKILL.md # Skill definition (YAML frontmatter + Markdown body)
references/
standards.md # NIST, MITRE ATT&CK, CIS references
workflows.md # Detailed technical procedure reference
scripts/
process.py # Practitioner helper script
assets/
template.md # Filled-in checklist or report template
```
The entire repository is pure Markdown and YAML. No build system, no dependencies, no runtime. Any tool that can read files can use these skills.
## Call for Contributors
The database is MIT licensed and open for contributions. Here's where help is most needed:
**Underrepresented subdomains:**
- Mobile Security (12 skills) -- iOS and Android security testing, mobile malware analysis
- Ransomware Defense (5 skills) -- detection, response, recovery procedures
- Compliance & Governance (5 skills) -- SOC 2, HIPAA, PCI DSS, GDPR controls
**Skill improvements:**
- Add real-world edge cases to existing skills
- Update tool commands for latest versions
- Add detection rules (Sigma, YARA, Splunk SPL) where applicable
- Improve decision trees for ambiguous scenarios
**New skill areas:**
- AI/ML security (adversarial ML, model security)
- Supply chain security
- Election security
- Healthcare-specific cybersecurity
If you write runbooks or procedure documents for your security team, you already know how to write a skill. The format is intentionally simple.
**Repo:** [github.com/mukul975/Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills)
The future of cybersecurity involves AI agents that understand the domain with practitioner-level depth. This database is a step toward making that real -- not by replacing security professionals, but by giving AI agents the structured knowledge to be genuinely useful assistants.
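Review bot: The File Structure section of this removed article lists `scripts/process.py` under every skill, while the paragraph right after it says the repository is "pure Markdown and YAML. No build system, no dependencies, no runtime"; the two statements contradict each other. If this text is reused in the retained docs, say plainly that a skill can ship an executable helper script, so consumers know there is code to review before an agent runs it. In the demo block, the comment "Extract suspicious DLLs" sits above `windows.dlllist --pid <suspicious_pid>`, which as written lists loaded modules rather than extracting them, and "Identify the OS profile" is Volatility 2 wording for a Volatility 3 command. Both comments should be corrected in any copy that survives.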
-84
View File
@@ -1,84 +0,0 @@
# Discord Servers for Launch Outreach
## General Approach
1. **Join first, contribute, then share.** Do not join a server and immediately post about the project. Spend at least a few days participating in conversations before mentioning it.
2. **Find the right channel.** Most servers have a #self-promotion, #showcase, #tools, or #resources channel. Use those. Do not post in #general or #help unless the project is directly relevant to an ongoing conversation.
3. **Lead with value.** Frame the project as a resource, not a product. "I built this to help the community" not "check out my project."
4. **Respect server rules.** Read the rules/pins before posting. Some servers prohibit self-promotion entirely.
5. **Be a member, not a marketer.** Answer questions, share knowledge, and help others. Mention the project only when it's genuinely relevant.
---
## Target Discord Servers
### 1. Black Hills Information Security (BHIS)
- **Focus:** Blue team, threat hunting, DFIR, SOC operations
- **Size:** Large, very active community
- **Approach:** BHIS runs free webcasts and has active discussions. Participate in SOC and threat hunting conversations. Share individual skills that are relevant to topics being discussed (e.g., share the Sigma detection rule skill when someone asks about detection engineering). Mention the full project in #tools or #resources after establishing presence.
- **Best skills to highlight:** SOC Operations, Threat Hunting, Detection Engineering
### 2. The Many Hats Club
- **Focus:** Broad infosec community, CTF players, career discussions
- **Size:** Large
- **Approach:** Engaged community that values open-source contributions. Look for #projects or #tools channels. Frame the project as a learning resource -- many members are early-career and would benefit from structured skill procedures. Offer to help members use specific skills for their CTF challenges or study.
- **Best skills to highlight:** Penetration Testing, Web App Security, Network Security
### 3. John Hammond's Discord
- **Focus:** CTF, malware analysis, reverse engineering, cybersecurity education
- **Size:** Very large, active community
- **Approach:** John Hammond's audience is technically strong and values practical, hands-on content. Share individual malware analysis or reverse engineering skills when relevant to discussions. The community responds well to detailed technical content. Look for #tools or #resources channels.
- **Best skills to highlight:** Malware Analysis, Reverse Engineering, Digital Forensics
### 4. NahamSec
- **Focus:** Bug bounty, web application security, penetration testing
- **Size:** Large
- **Approach:** Bug bounty focused community. Share web application security skills (SSRF, IDOR, XSS, SQLi) that are directly applicable to bug bounty hunting. The community values practical exploitation techniques with real tool commands. Look for #tools or #resources channels.
- **Best skills to highlight:** Web Application Security, API Security, Penetration Testing
### 5. TCM Security
- **Focus:** Ethical hacking, penetration testing, Active Directory security
- **Size:** Large, education-focused
- **Approach:** TCM's community is heavily focused on learning penetration testing and AD security. Share AD-specific skills (Bloodhound, Kerberoasting, DCSync) when relevant to discussions. The community values step-by-step procedures, which aligns perfectly with the skill format. Look for #resources or #tools channels.
- **Best skills to highlight:** Active Directory, Penetration Testing, Red Teaming
### 6. Hack The Box
- **Focus:** CTF, penetration testing, labs, certification prep
- **Size:** Very large
- **Approach:** HTB members are hands-on practitioners. Share skills that directly help with HTB challenges -- privilege escalation, web exploitation, network enumeration. The community is used to writeups and procedure documents, so the skill format will feel natural. Look for #tools, #resources, or platform-specific channels.
- **Best skills to highlight:** Penetration Testing, Privilege Escalation, Web App Security
### 7. TryHackMe
- **Focus:** Beginner-friendly cybersecurity education, guided learning paths
- **Size:** Very large
- **Approach:** TryHackMe's community skews toward beginners and learners. Frame the skills as a reference companion for TryHackMe rooms. When someone is working through a room on memory forensics or web exploitation, the corresponding skill provides the real-world procedure. Be helpful first.
- **Best skills to highlight:** Entry-level Penetration Testing, Network Security, Web App Security
### 8. r/redteamsec Discord
- **Focus:** Red team operations, adversary simulation, C2 frameworks
- **Size:** Smaller, highly technical
- **Approach:** This community expects technical depth. Do not post anything surface-level. Share specific red team skills (C2 infrastructure with Sliver/Havoc, AD attack paths, lateral movement techniques) with real technical detail. Engage in existing conversations about TTPs before mentioning the project.
- **Best skills to highlight:** Red Teaming, Active Directory Attacks, C2 Infrastructure
---
## Tracking
| Server | Joined | First Contribution | Project Shared | Response |
|--------|--------|--------------------|----------------|----------|
| BHIS | | | | |
| Many Hats Club | | | | |
| John Hammond | | | | |
| NahamSec | | | | |
| TCM Security | | | | |
| Hack The Box | | | | |
| TryHackMe | | | | |
| r/redteamsec Discord | | | | |
-49
View File
@@ -1,49 +0,0 @@
# Hacker News - Show HN Post
## Title
Show HN: 611+ Cybersecurity Skills for AI Agents (agentskills.io open standard)
## Body
I built an open-source database of 611+ cybersecurity skills that AI agents can use to perform real security work -- from malware analysis with Volatility to cloud pen-testing with Pacu.
Each skill follows a structured format (YAML frontmatter + Markdown body) with:
- When to use (and when NOT to)
- Prerequisites and tool requirements
- Step-by-step workflows with real commands, not pseudocode
- References to real standards (NIST, MITRE ATT&CK, CIS)
- Practitioner helper scripts and report templates
The 611 skills cover 24 subdomains: cloud security, threat intelligence, web app security, threat hunting, malware analysis, digital forensics, SOC operations, network security, IAM, OT/ICS security, API security, container security, vulnerability management, red teaming, incident response, penetration testing, zero trust, phishing defense, endpoint security, DevSecOps, cryptography, mobile security, ransomware defense, and compliance/governance.
Why I built this: AI coding agents (Claude Code, Cursor, Copilot) are great at software engineering but have no structured cybersecurity knowledge. When you ask them to analyze a memory dump or triage a SIEM alert, they give generic advice instead of the precise Volatility plugin sequence or Splunk SPL query a practitioner would use.
The skills use "progressive disclosure" -- the frontmatter tells the agent WHEN to activate a skill, and the full body provides the HOW with exact commands, flags, and decision trees.
Format follows the agentskills.io open standard so any agent framework can consume them.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Tech details:
- Each skill has SKILL.md + references/ + scripts/ + assets/
- Skills are tool-specific (not "use a scanner" but "use Nessus with these plugin families")
- Real CVE references, real MITRE ATT&CK technique IDs
- MIT licensed
Looking for contributors, especially practitioners who want to improve existing skills or add new ones in underrepresented areas (mobile security, OT/ICS, compliance).
## Timing
Post at 6:00 AM Pacific (9:00 AM Eastern) for maximum HN visibility. Tuesday through Thursday are optimal days.
## Engagement Rules
1. **Respond within 1 hour** of posting. Early engagement signals to the HN algorithm that the post is active and worth ranking higher.
2. **Be technical, not promotional.** Answer questions with specific technical details. Reference actual skill files, tool commands, and MITRE technique IDs.
3. **No vote requests.** Never ask anyone to upvote. This violates HN guidelines and can get the post flagged or penalized.
4. **Engage authentically.** If someone raises a valid criticism (e.g., "these skills are too shallow for real practitioners"), acknowledge it and explain the contribution model.
5. **Link to specific skills** when answering questions. For example: "Here's the actual Volatility skill that covers that -- [link to SKILL.md]"
6. **Avoid marketing language.** No "revolutionary," "game-changing," or "disrupting." Stick to factual descriptions of what the repo contains.
7. **Be prepared for skepticism.** HN users will question whether AI agents can actually do security work. Have concrete examples ready showing how an agent uses a skill file.
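Review bot: The counts and the contributor call in this removed draft are not consistent with the rest of the launch material: the Title says "611+" while the Body says "The 611 skills cover 24 subdomains", and the closing line names "mobile security, OT/ICS, compliance" as underrepresented although the taxonomy table in the article draft lists OT/ICS Security at 28 skills and Ransomware Defense at 5. If any of this copy is kept outside the repository, settle on one figure and take the underrepresented list from the table.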
-51
View File
@@ -1,51 +0,0 @@
# Help Net Security Press Email
## Send To
press@helpnetsecurity.com
## Subject Line
Open-source database: 611 cybersecurity skills structured for AI agents (MIT licensed)
## Email Body
Hi,
I wanted to share an open-source project that may be relevant to your readers.
I've built and released a database of 611 cybersecurity skills structured for AI agent consumption. The skills cover 24 subdomains -- from malware analysis and digital forensics to cloud security and OT/ICS security -- each with tool-specific commands, MITRE ATT&CK mappings, and practitioner-level workflows.
**The problem it solves:** AI coding agents (Claude Code, GitHub Copilot, Cursor) are increasingly used for security tasks, but they lack structured cybersecurity knowledge. They give generic advice instead of the precise tool commands and decision trees that practitioners use. This database bridges that gap.
**Key details:**
- 611 skills across 24 cybersecurity subdomains
- Structured format: YAML frontmatter (routing metadata) + Markdown body (exact procedures)
- Tool-specific: real commands for Volatility, Nessus, Splunk, Wireshark, Metasploit, Burp Suite, and 100+ other tools
- References real standards: MITRE ATT&CK technique IDs, NIST controls, CIS benchmarks, CVE numbers
- Follows the agentskills.io open standard
- MIT licensed
- Looking for practitioner contributors
**GitHub repository:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
This could work as a brief news item, a tools roundup mention, or a longer feature on how AI agents are being equipped with domain-specific security knowledge.
Happy to provide additional details, answer questions, or provide a walkthrough of how an AI agent uses a specific skill.
Thank you for your time.
Best regards,
Mukul
---
## Timing
Send on Day 2 (the day after the main launch), ideally Tuesday-Thursday morning.
## Follow-Up
If no response within 5 business days, send one follow-up email with the subject line "Re: Open-source database: 611 cybersecurity skills structured for AI agents" and a brief note mentioning any traction from the launch (GitHub stars, community response).
Do not follow up more than once.
-98
View File
@@ -1,98 +0,0 @@
# Launch Day Checklist
## Pre-Launch (Night Before)
- [ ] Verify all 611 skills have valid SKILL.md with correct YAML frontmatter
- [ ] Confirm README.md is polished with clear description, structure, and contributing guide
- [ ] Ensure LICENSE file (MIT) is present in repo root
- [ ] Verify CONTRIBUTING.md exists with clear skill authoring instructions
- [ ] Check that repo description and topics are set on GitHub (cybersecurity, ai, agents, security, open-source)
- [ ] Pin the most impressive/representative issues (good first issues, feature requests)
- [ ] Confirm GitHub Actions CI passes on main branch
- [ ] Pre-write all launch posts (HN, Reddit, Twitter, LinkedIn, Dev.to) and have them ready to paste
- [ ] Test all links in launch posts point to correct repo URLs
- [ ] Draft responses to anticipated questions (see FAQ prep below)
- [ ] Set up monitoring: GitHub notifications on, email alerts for new issues/stars
- [ ] Ensure the repo is public (not private or internal)
## Launch Morning
### Hour 0: Go Live
- [ ] **6:00 AM Pacific / 9:00 AM Eastern**: Post Show HN on Hacker News
- Title: "Show HN: 611+ Cybersecurity Skills for AI Agents (agentskills.io open standard)"
- Paste body from `launch/hacker-news.md`
- [ ] Immediately after HN: Post first Reddit post to r/netsec
- [ ] Post Twitter/X thread (all 7 tweets)
- [ ] Post LinkedIn article
- [ ] Bookmark HN post URL for monitoring
### Hour 1-2: First Engagement Wave
- [ ] Monitor HN for comments -- respond to every comment within 1 hour
- [ ] Be technical in HN responses: reference specific skill files, tool commands, MITRE technique IDs
- [ ] Do NOT ask for upvotes anywhere -- ever
- [ ] Post to r/cybersecurity (2 hours after r/netsec post)
### Hour 3-4: Second Wave
- [ ] Post to r/blueteamsec
- [ ] Post to r/hacking
- [ ] Continue monitoring and responding to HN and Reddit comments
- [ ] Track GitHub stars, forks, and issues
### Hour 5-6: Third Wave
- [ ] Post to r/redteamsec
- [ ] Post to r/artificial
- [ ] Post to r/opensource
- [ ] Publish Dev.to article
### Throughout the Day
- [ ] Respond to every GitHub issue within 2 hours
- [ ] Respond to every Reddit comment with substance
- [ ] Thank anyone who stars or shares the repo
- [ ] If any post gains traction, share it on Twitter with a brief note
- [ ] Monitor for any negative feedback or valid criticisms -- address them transparently
## End of Day 1
- [ ] Record metrics: GitHub stars, forks, issues, traffic (Insights tab)
- [ ] Record metrics: HN points and rank position, Reddit upvotes per post
- [ ] Identify top questions/concerns from community -- plan content to address them
- [ ] Merge any quick-win PRs that come in (shows the project is active and welcoming)
- [ ] Post a "Day 1" update on Twitter if there's traction: "Thank you for the response. X stars, Y issues filed, here's what we're working on next."
- [ ] Join Discord servers (see `launch/discord-servers.md`) and introduce yourself and the project
## Day 2+
- [ ] Send press email to Help Net Security (see `launch/help-net-security-email.md`)
- [ ] Continue engaging with all platforms daily for at least 1 week
- [ ] Post in Discord servers where appropriate (don't spam -- contribute value first, then mention the project)
- [ ] Write follow-up content based on community feedback:
- Blog post addressing top questions
- Tutorial: "How to contribute a skill in 10 minutes"
- Deep dive into a specific subdomain
- [ ] Reach out to security influencers who engaged with the launch posts
- [ ] Track weekly metrics: stars, forks, contributors, issues opened/closed
- [ ] Plan the first community call or AMA if there's sufficient interest
- [ ] Submit to security newsletters (tl;dr sec, SANS NewsBites, etc.)
- [ ] Look for podcast/webinar opportunities if the project gets 500+ stars
## FAQ Prep (Anticipated Questions)
**"Aren't these just runbooks/cheat sheets?"**
> They're structured for machine consumption, not just human reading. The YAML frontmatter provides routing metadata that lets an agent know WHEN to use a skill, and the body provides the exact HOW. A cheat sheet doesn't have activation conditions or progressive disclosure.
**"Can AI actually do security work?"**
> Not autonomously, and that's not the goal. These skills make AI agents useful assistants -- like giving a junior analyst a detailed procedure library. The human makes decisions; the agent provides precise, tool-specific guidance.
**"Why not just fine-tune a model?"**
> Fine-tuning is expensive, hard to audit, and requires retraining for every update. A skill file can be reviewed, version-controlled, and updated by any practitioner. It's also transparent -- you can read exactly what the agent will do.
**"Is this just for Claude/Anthropic?"**
> No. The agentskills.io format is agent-agnostic. Any AI agent that can read files can use these skills. The format is intentionally simple (YAML + Markdown) for maximum compatibility.
**"How do you ensure quality?"**
> Every skill references real tools with real commands. Contributors are expected to be practitioners. The community review process catches errors. Bad skills get issues filed against them.
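Review bot: Two Pre-Launch items in this removed checklist are quality gates rather than launch tasks, "Verify all 611 skills have valid SKILL.md with correct YAML frontmatter" and "Confirm GitHub Actions CI passes on main branch", and deleting the file drops them unless they are recorded elsewhere. The FAQ answer to "How do you ensure quality?" leans on community review and filed issues only, so the frontmatter check is the one automated control this text mentions. Suggest moving that check into the CI workflow or into the CONTRIBUTING.md the checklist refers to before this file goes.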
-30
View File
@@ -1,30 +0,0 @@
# LinkedIn Launch Post
---
I just open-sourced a database of 611 cybersecurity skills for AI agents.
The problem is straightforward: AI coding agents like Claude Code, GitHub Copilot, and Cursor are transforming software engineering. But when it comes to cybersecurity, they give generic advice instead of the precise, tool-specific knowledge a practitioner would use.
Ask an AI to "analyze this memory dump" and you get a Wikipedia summary. A senior analyst would immediately reach for Volatility 3, run `vol3 -f dump.raw windows.pslist`, check for process hollowing with `windows.malfind`, and extract injected code for YARA scanning. That procedural knowledge is what these skills encode.
What I built:
611 skills across 24 cybersecurity subdomains, each following a structured format:
- YAML frontmatter: tells the agent WHEN to activate (trigger conditions, prerequisites, domain tags)
- Markdown body: the HOW -- step-by-step workflows with exact commands, tool flags, and decision trees
- References to real standards: MITRE ATT&CK technique IDs, NIST controls, CIS benchmarks
- Practitioner helper scripts and filled-in report templates
Coverage spans the full cybersecurity landscape:
Cloud Security (48 skills), Threat Intelligence (43), Web Application Security (41), Threat Hunting (35), Malware Analysis (34), Digital Forensics (34), SOC Operations (33), Network Security (33), Identity & Access Management (33), OT/ICS Security (28), API Security (28), Container Security (26), Vulnerability Management (24), Red Teaming (24), Incident Response (24), Penetration Testing (23), Zero Trust Architecture (17), Phishing Defense (16), Endpoint Security (16), DevSecOps (16), Cryptography (13), Mobile Security (12), Ransomware Defense (5), and Compliance & Governance (5).
The format follows the agentskills.io open standard, so any agent framework can consume these skills.
This is MIT licensed and open for contributions. If you're a security practitioner and you write runbooks, you already know how to write skills. I'm especially looking for contributors in OT/ICS security, mobile security, and compliance.
The future of cybersecurity involves AI agents that genuinely understand the domain -- not as replacements for analysts, but as force multipliers that have instant recall of every tool flag, every MITRE technique, and every standard reference.
Link: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
#cybersecurity #opensource #AI #infosec #threatintelligence #pentesting #DFIR #cloudsecurity
-129
View File
@@ -1,129 +0,0 @@
# 30-Day Launch Metrics
Track key growth metrics for the first 30 days after public launch.
---
## Targets from Playbook
| Metric | Week 1 | Week 2 | Week 3 | Week 4 |
|--------|--------|--------|--------|--------|
| Stars | 150-400 | 400-800 | 800-1,200 | 1,200-2,000 |
| Forks | 15-40 | 40-80 | 80-120 | 120-200 |
| Contributors | 1-3 | 3-8 | 8-15 | 15-25 |
| Unique Visitors | 500-1,000 | 1,000-2,500 | 2,000-4,000 | 3,000-6,000 |
| Clones | 50-150 | 150-400 | 300-700 | 500-1,000 |
| Issues Opened | 5-15 | 15-30 | 25-50 | 40-75 |
| PRs Opened | 1-5 | 5-15 | 10-25 | 20-40 |
| Awesome List PRs Accepted | 0-1 | 1-2 | 2-4 | 3-6 |
---
## Daily Actuals
| Date | Day | Stars | Forks | Contributors | Unique Visitors | Clones | Issues | PRs | Notes |
|------|-----|-------|-------|--------------|-----------------|--------|--------|-----|-------|
| | 1 | | | | | | | | Launch day |
| | 2 | | | | | | | | |
| | 3 | | | | | | | | |
| | 4 | | | | | | | | |
| | 5 | | | | | | | | |
| | 6 | | | | | | | | |
| | 7 | | | | | | | | End of Week 1 |
| | 8 | | | | | | | | |
| | 9 | | | | | | | | |
| | 10 | | | | | | | | |
| | 11 | | | | | | | | |
| | 12 | | | | | | | | |
| | 13 | | | | | | | | |
| | 14 | | | | | | | | End of Week 2 |
| | 15 | | | | | | | | |
| | 16 | | | | | | | | |
| | 17 | | | | | | | | |
| | 18 | | | | | | | | |
| | 19 | | | | | | | | |
| | 20 | | | | | | | | |
| | 21 | | | | | | | | End of Week 3 |
| | 22 | | | | | | | | |
| | 23 | | | | | | | | |
| | 24 | | | | | | | | |
| | 25 | | | | | | | | |
| | 26 | | | | | | | | |
| | 27 | | | | | | | | |
| | 28 | | | | | | | | End of Week 4 |
| | 29 | | | | | | | | |
| | 30 | | | | | | | | 30-day mark |
---
## Weekly Summary
| Week | Stars (Total) | Stars (Delta) | Forks (Total) | Forks (Delta) | Contributors | Top Referrer | Notes |
|------|--------------|---------------|---------------|----------------|--------------|-------------|-------|
| 1 | | | | | | | |
| 2 | | | | | | | |
| 3 | | | | | | | |
| 4 | | | | | | | |
---
## Traffic Sources
Track where visitors come from (GitHub Insights > Traffic):
| Source | Week 1 | Week 2 | Week 3 | Week 4 |
|--------|--------|--------|--------|--------|
| GitHub Search | | | | |
| Direct / Bookmark | | | | |
| Reddit | | | | |
| Twitter/X | | | | |
| Hacker News | | | | |
| Awesome Lists | | | | |
| LinkedIn | | | | |
| Other | | | | |
---
## Content & Outreach Tracking
| Action | Date | Platform | Link | Engagement | Notes |
|--------|------|----------|------|------------|-------|
| Launch post | | Reddit r/cybersecurity | | | |
| Launch post | | Reddit r/netsec | | | |
| Launch post | | Hacker News | | | |
| Launch tweet | | Twitter/X | | | |
| LinkedIn post | | LinkedIn | | | |
| awesome-cybersecurity-agentic-ai PR | | GitHub | | | |
| awesome-ai-security PR | | GitHub | | | |
| awesome-security PR | | GitHub | | | |
| Demo video 1 | | YouTube | | | |
| Demo video 2 | | YouTube | | | |
| Demo video 3 | | YouTube | | | |
---
## Milestones
| Milestone | Target Date | Actual Date | Notes |
|-----------|------------|-------------|-------|
| First external star | Day 1 | | |
| First external fork | Day 1-2 | | |
| 100 stars | Week 1 | | |
| First external issue | Week 1 | | |
| First external PR | Week 1-2 | | |
| First awesome list acceptance | Week 2 | | |
| 500 stars | Week 2-3 | | |
| First external contributor merged | Week 2-3 | | |
| 1,000 stars | Week 3-4 | | |
| Featured in newsletter/blog | Week 2-4 | | |
| Conference talk accepted | Month 2+ | | |
---
## How to Collect Metrics
- **Stars/Forks:** GitHub repo page or `gh api repos/mukul975/Anthropic-Cybersecurity-Skills`
- **Unique Visitors/Clones:** GitHub Insights > Traffic (Settings > Insights, requires admin)
- **Referrers:** GitHub Insights > Traffic > Referring sites
- **Issues/PRs:** GitHub Issues/PR tabs or `gh issue list` / `gh pr list`
- **Contributors:** `git shortlog -sn --all` or GitHub Insights > Contributors
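Review bot: In "How to Collect Metrics", the Contributors line relies on `git shortlog -sn --all`, which groups commits by author name, so one person committing under two names is counted as two contributors and the Week 1 to Week 4 contributor targets above would be measured against an inflated number. If this procedure is kept in private notes, pair it with a `.mailmap` or use the GitHub Insights > Contributors figure the same line already offers as the alternative.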
-196
View File
@@ -1,196 +0,0 @@
# Reddit Launch Posts
## Timing Guidance
- Space posts **2 hours apart** to avoid spam detection and maximize individual post visibility.
- Post **Tuesday through Thursday** for best engagement.
- Optimal window: **9:00 AM - 12:00 PM EST**.
- Suggested schedule: first post at 9:00 AM EST, second at 11:00 AM EST, third at 1:00 PM EST, then remaining posts over the following day.
- Do NOT cross-post (use Reddit's crosspost feature). Write unique copy for each subreddit.
---
## 1. r/netsec (~540K subscribers) -- Technical Focus
**Title:** Open-source database of 611+ structured cybersecurity skills for AI agents -- covers DFIR, malware analysis, cloud pentesting, and more
**Body:**
I've been building an open-source database of cybersecurity skills formatted for AI agent consumption. There are 611 skills across 24 subdomains, each following a structured YAML + Markdown format.
What makes this different from a wiki or cheat sheet:
- **Progressive disclosure architecture**: YAML frontmatter tells the agent WHEN to activate (trigger conditions, prerequisites), and the Markdown body provides the HOW (exact commands, tool flags, decision trees).
- **Tool-specific, not generic**: Skills reference specific tools with real commands. "Analyzing Memory Dumps with Volatility" includes the actual `vol3` plugin sequence, not "use a memory forensics tool."
- **Real references**: MITRE ATT&CK technique IDs, NIST control mappings, actual CVE numbers, CIS benchmark references.
- **Practitioner scripts and templates**: Each skill can include helper scripts and filled-in report/checklist templates.
Subdomain breakdown:
- Cloud Security (48 skills) -- AWS, Azure, GCP specific
- Threat Intelligence (43) -- STIX/TAXII, MISP, diamond model
- Web App Security (41) -- OWASP Top 10, specific injection types
- Threat Hunting (35) -- hypothesis-driven, ATT&CK-mapped
- Malware Analysis (34) -- static, dynamic, reverse engineering
- Digital Forensics (34) -- disk, memory, network, mobile
- Plus 18 more subdomains
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Format follows the agentskills.io open standard. MIT licensed. Looking for practitioner contributors.
---
## 2. r/cybersecurity (~1M+ subscribers) -- Broader Audience
**Title:** I built an open-source library of 611 cybersecurity skills that AI agents can actually use -- from memory forensics to cloud pentesting
**Body:**
AI coding agents like Claude Code and GitHub Copilot are increasingly used for security tasks, but they lack structured cybersecurity knowledge. When you ask them to analyze a suspicious process or triage a SIEM alert, you get generic advice instead of the specific Volatility plugin, Splunk query, or Nessus configuration a practitioner would use.
I built an open-source database of 611 cybersecurity skills designed to give AI agents real practitioner-level knowledge.
**What each skill includes:**
- When to use it (and when NOT to)
- Tool-specific prerequisites
- Step-by-step workflows with exact commands
- References to MITRE ATT&CK, NIST, CIS benchmarks
- Helper scripts and report templates
**Coverage across 24 subdomains:**
Cloud Security, Threat Intelligence, Web App Security, Threat Hunting, Malware Analysis, Digital Forensics, SOC Operations, Network Security, IAM, OT/ICS Security, API Security, Container Security, Vulnerability Management, Red Teaming, Incident Response, Penetration Testing, Zero Trust, Phishing Defense, Endpoint Security, DevSecOps, Cryptography, Mobile Security, Ransomware Defense, Compliance & Governance.
The skills use a "progressive disclosure" format -- the YAML frontmatter gives the agent enough context to know when to activate, and the full body has the detailed procedure.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. Looking for contributors, especially from practitioners who want to encode their expertise into a format AI agents can use.
---
## 3. r/blueteamsec (~34K subscribers) -- Defensive Focus
**Title:** Open-source skill library for AI-assisted blue team operations -- 611 skills covering DFIR, threat hunting, SOC operations, and detection engineering
**Body:**
Built an open-source database of 611 cybersecurity skills structured for AI agent consumption, with strong coverage of defensive operations:
**Blue team coverage:**
- **Threat Hunting (35 skills)**: Hypothesis-driven hunts for beaconing, LOLBins, persistence mechanisms, DNS tunneling, lateral movement, supply chain compromise
- **SOC Operations (33 skills)**: Alert triage, detection rule building (Sigma, Splunk SPL), SOAR playbooks, escalation matrices, metrics/KPI tracking
- **Incident Response (24 skills)**: Containment procedures, forensic collection, timeline reconstruction, ransomware response, lessons learned
- **Digital Forensics (34 skills)**: Memory forensics with Volatility, disk analysis with Autopsy, network forensics with Wireshark/Zeek, timeline analysis with Plaso
- **Threat Intelligence (43 skills)**: STIX/TAXII integration, MISP feeds, IOC enrichment, threat actor profiling, diamond model analysis
- **Detection Engineering**: Sigma rules, Splunk SPL queries, Suricata rules, Zeek scripts
Each skill includes the exact tool commands, decision trees, and real framework references (MITRE ATT&CK techniques, NIST controls) that a practitioner would use.
The format is designed so AI agents (Claude Code, Copilot, etc.) can use these skills to assist with real security work -- not replace analysts, but give them an AI assistant that actually knows the right Volatility plugin or Splunk query.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. Contributions welcome -- especially from SOC analysts and IR practitioners.
---
## 4. r/hacking
**Title:** 611 cybersecurity skills structured for AI agents -- open-source, covers pentesting, red teaming, malware analysis, forensics, and more
**Body:**
Open-sourced a database of 611 cybersecurity skills that AI agents can use to assist with real security work.
Skills cover both offensive and defensive domains:
- **Penetration Testing (23 skills)**: Web app, network, cloud, mobile, AD, wireless
- **Red Teaming (24 skills)**: C2 infrastructure, lateral movement, persistence, AD attack paths
- **Malware Analysis (34 skills)**: Reverse engineering with Ghidra, dynamic analysis with CAPE/Cuckoo, packed malware unpacking
- **Web App Security (41 skills)**: SQLi, XSS, SSRF, deserialization, race conditions, request smuggling
- **Network Security (33 skills)**: Nmap, Wireshark, Suricata, Zeek, ARP spoofing, VLAN hopping
Each skill has real commands, not pseudocode. The Metasploit skill has actual `msfconsole` commands. The SQLMap skill has actual flags and tamper scripts. The Bloodhound skill has actual Cypher queries.
Format: YAML frontmatter + structured Markdown. Follows the agentskills.io open standard.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. PRs welcome.
---
## 5. r/redteamsec
**Title:** Open-source AI agent skills for red team operations -- AD attack paths, C2 infrastructure, lateral movement, persistence techniques
**Body:**
I built a structured skill database for AI agents that includes significant red team coverage:
- **Red Teaming (24 skills)**: C2 with Sliver/Havoc, AD attack simulation, engagement planning, purple team exercises
- **Penetration Testing (23 skills)**: Full-scope pentesting, AD pentesting, cloud pentesting with Pacu/ScoutSuite, wireless with Aircrack-ng
- **Active Directory**: Bloodhound CE, Kerberoasting with Impacket, DCSync, constrained delegation abuse, NoPac, Zerologon, certificate services ESC1
- **Web exploitation**: SQLi, SSRF, deserialization, template injection, prototype pollution, request smuggling, race conditions
Each skill is structured with YAML frontmatter (triggers, prerequisites, tags) and a Markdown body with exact tool commands, decision trees, and MITRE ATT&CK mappings.
The idea: give AI agents the structured knowledge to assist with authorized security testing, not replace operators but augment them with instant recall of the right tool flag or attack chain.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
MIT licensed. Would especially appreciate contributions from red teamers on evasion techniques and emerging TTPs.
---
## 6. r/artificial
**Title:** Built 611 cybersecurity skills for AI agents -- how structured knowledge databases can make AI actually useful for specialized domains
**Body:**
AI coding agents (Claude Code, Cursor, GitHub Copilot) are powerful at general software engineering, but they struggle with specialized domains like cybersecurity. Ask them to analyze a memory dump and you get vague advice. Give them a structured skill file with the exact Volatility plugin sequence and decision tree, and they become genuinely useful.
I built an open-source database of 611 cybersecurity skills structured for AI agent consumption:
**The core insight: progressive disclosure**
The skills use a two-layer architecture:
1. **YAML frontmatter** -- Tells the agent WHEN to activate: skill name, description, domain/subdomain, tags. This is what gets indexed and matched against user queries.
2. **Markdown body** -- The HOW: step-by-step workflows with exact commands, tool flags, decision trees, validation steps. Only loaded when the skill activates.
This mirrors how human expertise works -- a senior analyst doesn't consciously think through every step of memory forensics until they need to, but they know instantly when it's the right approach.
**24 subdomains, 611 skills** covering cloud security, malware analysis, threat hunting, incident response, penetration testing, red teaming, and more.
The format follows the agentskills.io open standard, so any agent framework can index and use these skills.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Interested in the broader question: how do we build domain-specific knowledge layers for AI agents? Cybersecurity is just one domain -- the same pattern could work for medicine, law, finance, etc.
---
## 7. r/opensource
**Title:** Open-sourced 611 cybersecurity skills for AI agents -- MIT licensed, structured for any agent framework
**Body:**
I've open-sourced a database of 611 cybersecurity skills designed for AI agent consumption.
**Why this exists:** AI agents are increasingly used for security tasks, but they lack the structured, tool-specific knowledge that practitioners have. This database encodes that knowledge in a format any AI agent can use.
**What's in it:**
- 611 skills across 24 cybersecurity subdomains
- Each skill: YAML frontmatter + structured Markdown with real commands
- References to MITRE ATT&CK, NIST, CIS benchmarks
- Helper scripts and report templates
- Follows the agentskills.io open standard
**Tech stack:** Pure Markdown + YAML. No build system, no dependencies. Any tool that can read files can use these skills.
**License:** MIT
**Contributing:** Looking for cybersecurity practitioners who want to improve existing skills or add new ones. The format is simple -- if you can write a runbook, you can contribute a skill.
Repo: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
-89
View File
@@ -1,89 +0,0 @@
# Twitter/X Launch Thread
Post as a thread. Pin the first tweet. Include the repo link in tweet 1 and tweet 7.
---
## Tweet 1 (268 characters)
I just open-sourced 611 cybersecurity skills for AI agents.
From malware analysis with Volatility to cloud pentesting with Pacu -- structured so Claude Code, Copilot, and any AI agent can use them.
MIT licensed. All 24 subdomains of cybersecurity.
github.com/mukul975/Anthropic-Cybersecurity-Skills
---
## Tweet 2 (277 characters)
The problem: AI agents are great at coding but terrible at cybersecurity.
Ask Claude to analyze a memory dump and you get generic advice.
Give it a structured skill with the exact Volatility plugin sequence, and it gives you the precise commands a senior analyst would use.
---
## Tweet 3 (270 characters)
Each skill uses progressive disclosure:
YAML frontmatter = WHEN to activate (triggers, domain, tags)
Markdown body = HOW to execute (exact commands, decision trees, validation)
The agent loads the frontmatter for routing, then the full body only when it needs the details.
---
## Tweet 4 (280 characters)
611 skills across 24 subdomains:
- Cloud Security (48)
- Threat Intelligence (43)
- Web App Security (41)
- Threat Hunting (35)
- Malware Analysis (34)
- Digital Forensics (34)
- SOC Operations (33)
- Network Security (33)
- IAM (33)
- OT/ICS Security (28)
- And 14 more
---
## Tweet 5 (257 characters)
These aren't generic cheat sheets. Every skill has:
- Real tool commands (not "use a scanner")
- MITRE ATT&CK technique IDs
- NIST/CIS benchmark references
- Decision trees for edge cases
- Practitioner helper scripts
- Filled-in report templates
---
## Tweet 6 (243 characters)
Why this matters for the security industry:
AI agents will increasingly assist with security work. The question isn't IF but HOW WELL.
Structured skill databases are how we go from "vaguely helpful AI" to "AI that knows the right Splunk query for T1059.001."
---
## Tweet 7 (248 characters)
The repo is MIT licensed and follows the agentskills.io open standard.
Looking for contributors -- especially practitioners who want to encode their expertise for AI agents.
If you write runbooks, you can write skills.
github.com/mukul975/Anthropic-Cybersecurity-Skills
-322
View File
@@ -1,322 +0,0 @@
# Demo Video Scripts
Scripts for 3 launch demo videos. Each video targets a specific audience and goal.
---
## Video 1: Install & Demo -- Cybersecurity Skills for Claude Code
**Duration:** 3-5 minutes
**Target audience:** AI agent users, developers, security practitioners
**Goal:** Show installation and immediate value
### Title Card
```
Anthropic-Cybersecurity-Skills
611+ Cybersecurity Skills for AI Agents
github.com/mukul975/Anthropic-Cybersecurity-Skills
```
### Narration Script
**[0:00-0:15] Opening**
"What if your AI coding agent actually understood cybersecurity? Not just generic advice, but real, structured security skills it can follow step by step. That's exactly what Anthropic-Cybersecurity-Skills gives you. Let me show you."
**[0:15-0:45] What it is**
"Anthropic-Cybersecurity-Skills is an open-source library of over 611 cybersecurity skills built on the agentskills.io standard. Each skill is a structured SKILL.md file that any compatible AI agent can install and use. It covers threat detection, incident response, penetration testing, digital forensics, cloud security, network security, and more."
**[0:45-1:30] Installation**
"Let me show you how to install it. I'll open my terminal and clone the repository."
[Screen: terminal showing git clone]
"Now I'll tell Claude Code to use these skills. I add the skills directory to my project configuration."
[Screen: showing .claude/skills or equivalent configuration]
"That's it. The agent now has access to 611 cybersecurity skills."
**[1:30-3:00] Live Demo**
"Let's test it. I'll ask Claude to help me analyze a suspicious log file."
[Screen: Claude Code using a threat detection skill to analyze logs]
"Notice how the agent follows a structured methodology -- it's not guessing. It's following the skill's defined steps: identify indicators, correlate events, assess severity, and recommend response actions."
[Screen: showing the skill output with structured analysis]
"Let me try another one. I'll ask it to help with an incident response triage."
[Screen: Claude using an IR skill]
"Again, structured output following a defined methodology. This is the difference between an AI that gives generic security advice and one that follows professional security workflows."
**[3:00-3:30] Closing**
"All 611 skills are open source, free to use, and ready for you to install right now. Check out the repo at the link below, star it if you find it useful, and try installing skills into your own AI agent. Link in the description."
[Screen: GitHub repo page with star button highlighted]
### Screen Recording Checklist
- [ ] Clean terminal with readable font size (16pt+)
- [ ] Repo already cloned for speed (or show quick clone)
- [ ] Pre-staged log file for the threat detection demo
- [ ] Claude Code open and ready
- [ ] Screen resolution: 1920x1080
- [ ] Dark theme for terminal visibility
- [ ] Zoom in on key moments (skill output, structured results)
- [ ] No personal information visible on screen
- [ ] Test full flow end-to-end before recording
### YouTube Metadata
**Title:** Install 611 Cybersecurity Skills for Claude Code in 2 Minutes | AI Agent Security
**Description:**
```
Install 611+ cybersecurity skills for your AI coding agent. Works with Claude Code,
GitHub Copilot, Cursor, and 20+ platforms.
Get the skills: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
Skills cover:
- Threat detection & hunting
- Incident response
- Penetration testing
- Digital forensics
- Cloud security (AWS, Azure, GCP)
- Network security
- Malware analysis
- And more
Built on the agentskills.io open standard.
#cybersecurity #aiagents #claudecode #security #hacking #infosec
```
**Tags:** cybersecurity, AI agents, Claude Code, security skills, threat detection, incident response, penetration testing, agentskills, open source, infosec, AI security, GitHub Copilot, Cursor, security automation
---
## Video 2: AI Agent vs. Real Security Task -- Testing Threat Hunting Skills
**Duration:** 5-8 minutes
**Target audience:** Security professionals, SOC analysts, threat hunters
**Goal:** Demonstrate real-world applicability and depth
### Title Card
```
AI Agent vs. Real Security Task
Testing Threat Hunting Skills
Anthropic-Cybersecurity-Skills
```
### Narration Script
**[0:00-0:30] Opening**
"Can an AI agent actually help with real threat hunting? Not toy examples, but actual security analysis work? I installed 611 cybersecurity skills into Claude Code and I'm going to put it to the test with a realistic threat hunting scenario."
**[0:30-1:30] Setup**
"Here's the scenario. We have a set of network logs and system events from what looks like a compromised environment. There are signs of lateral movement, possible data exfiltration, and some suspicious process execution. Let's see how the AI agent handles this with the cybersecurity skills installed."
[Screen: showing sample log data]
"I have the Anthropic-Cybersecurity-Skills library installed. The agent has access to threat detection skills, network analysis skills, and incident response skills. Let's go."
**[1:30-4:00] Threat Hunting Walkthrough**
"First, I'll ask the agent to perform initial threat hunting on these logs."
[Screen: Claude analyzing logs using threat hunting skill]
"Look at this. The agent is following a structured methodology from the threat hunting skill. It starts with hypothesis generation based on the available data, then moves to indicator identification."
[Screen: showing structured output with IOCs identified]
"It's found several indicators of compromise: unusual outbound connections, encoded PowerShell commands, and registry modifications consistent with persistence mechanisms. Let's dig deeper."
[Screen: asking Claude to investigate lateral movement indicators]
"Now it's correlating events across multiple log sources, mapping to MITRE ATT&CK techniques. T1059 Command and Scripting Interpreter, T1547 Boot or Logon Autostart Execution, T1071 Application Layer Protocol for the C2 channel."
[Screen: showing ATT&CK mapping output]
**[4:00-5:30] Analysis Quality**
"What makes this useful isn't just that it found things -- any grep command could find suspicious strings. The value is in the structured analysis. The skill guides the agent through a repeatable methodology: collect, correlate, hypothesize, validate, and document."
"Compare this to asking a generic AI the same question without these skills. You'd get a wall of text with generic advice. With the skills installed, you get structured, actionable output that follows professional security workflows."
**[5:30-6:30] Closing**
"This is one scenario across one set of skills. The library has 611 skills covering 12 cybersecurity subdomains. Threat detection, incident response, pentesting, forensics, cloud security, and more."
"If you're a security professional who uses AI tools, these skills make your agent significantly more capable. Link to the repo in the description. Star it, try it, and let me know what you think."
### Screen Recording Checklist
- [ ] Prepare realistic (but safe) log samples in advance
- [ ] Pre-test the full scenario to ensure compelling output
- [ ] Have ATT&CK framework reference ready for cross-checking
- [ ] Screen resolution: 1920x1080, dark theme
- [ ] Record agent output in real-time (no speedup on analysis sections)
- [ ] Highlight key findings with cursor or annotations
- [ ] Prepare fallback if agent output differs from expected
### YouTube Metadata
**Title:** AI Agent Threat Hunting Test: Can Claude Code Analyze Real Security Logs?
**Description:**
```
Testing whether an AI agent with 611 cybersecurity skills can perform real threat hunting.
Using Claude Code with Anthropic-Cybersecurity-Skills installed.
Get the skills: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
In this video:
- Realistic threat hunting scenario with network and system logs
- AI agent following structured threat detection methodology
- IOC identification and correlation
- MITRE ATT&CK technique mapping
- Comparison with vs without cybersecurity skills installed
#threathunting #cybersecurity #aiagents #soc #infosec #mitreattack
```
**Tags:** threat hunting, cybersecurity, AI agents, SOC analyst, Claude Code, MITRE ATT&CK, incident response, log analysis, IOC, threat detection, security automation, AI security
---
## Video 3: Contributing Your First Cybersecurity Skill (SKILL.md Tutorial)
**Duration:** 5-7 minutes
**Target audience:** Open-source contributors, security practitioners wanting to contribute
**Goal:** Lower the barrier to contribution, grow the community
### Title Card
```
Contributing Your First Cybersecurity Skill
A SKILL.md Tutorial
Anthropic-Cybersecurity-Skills
```
### Narration Script
**[0:00-0:30] Opening**
"Want to contribute a cybersecurity skill that AI agents around the world can use? In the next few minutes, I'll walk you through writing your first SKILL.md file and submitting it to the Anthropic-Cybersecurity-Skills project. It's easier than you think."
**[0:30-1:30] Understanding the Format**
"Every skill in this project is a single file called SKILL.md. It follows the agentskills.io standard, which means any compatible AI agent can read and use it. Let me show you the structure."
[Screen: open an existing SKILL.md file]
"The file has YAML frontmatter at the top with metadata -- the skill name, description, version, tags, and category. Then the body contains the actual skill content in Markdown: an overview, step-by-step methodology, tools and commands, and expected outputs."
[Screen: highlighting each section]
"Think of it as writing a structured playbook that an AI agent will follow. You're encoding your security expertise into a format that machines can use."
**[1:30-3:30] Writing a Skill**
"Let's write one from scratch. I'll create a skill for analyzing suspicious email headers -- a common security task."
[Screen: create new directory and SKILL.md file]
"First, the frontmatter. I'll set the name, description, category, and tags."
[Screen: typing YAML frontmatter]
"Now the body. I start with an overview explaining what this skill does and when to use it. Then I write the step-by-step methodology."
[Screen: typing the skill body]
"Step 1: Extract and parse email headers. Step 2: Analyze the Received chain for anomalies. Step 3: Check SPF, DKIM, and DMARC results. Step 4: Investigate sender reputation. Step 5: Document findings and recommend action."
"For each step, I include the specific commands, tools, or techniques the AI agent should use. The more concrete and actionable, the better the skill works."
[Screen: completing the skill with tools and expected outputs]
**[3:30-5:00] Submitting a PR**
"Now let's submit this as a contribution. I'll fork the repo, create a branch, add my skill, and open a pull request."
[Screen: git workflow]
"Fork the repo. Create a branch named for your skill. Add your SKILL.md file in the correct subdomain directory. Commit with a clear message."
[Screen: showing PR creation on GitHub]
"In the PR description, explain what your skill does and why it's useful. The maintainers will review it and provide feedback."
**[5:00-5:45] Tips and Closing**
"A few tips for writing great skills. First, be specific -- vague instructions produce vague results. Second, include real tool names and commands when applicable. Third, structure your steps in a logical order that a security professional would follow. Fourth, test it by actually asking an AI agent to use your skill before you submit."
"The project has over 611 skills already, but there's always room for more. Check the issues tab for skill requests, or contribute something from your own expertise. Every contribution helps make AI agents better at cybersecurity. Link in the description."
### Screen Recording Checklist
- [ ] Have an existing SKILL.md open as reference
- [ ] Pre-plan the example skill (email header analysis) but type live
- [ ] Show the git fork/branch/PR workflow step by step
- [ ] Use GitHub web UI for the PR creation (more visual)
- [ ] Screen resolution: 1920x1080
- [ ] Split screen: editor on left, preview on right (if possible)
- [ ] Show CONTRIBUTING.md guidelines briefly
- [ ] Test the finished skill with an AI agent as a bonus segment
### YouTube Metadata
**Title:** Write Your First AI Cybersecurity Skill in 5 Minutes | SKILL.md Tutorial
**Description:**
```
Step-by-step tutorial for contributing a cybersecurity skill to the
Anthropic-Cybersecurity-Skills open-source project.
Get started: https://github.com/mukul975/Anthropic-Cybersecurity-Skills
In this video:
- Understanding the SKILL.md format (agentskills.io standard)
- Writing a skill from scratch (email header analysis example)
- Submitting your contribution via GitHub PR
- Tips for writing effective security skills
No prior open-source contribution experience needed.
#opensource #cybersecurity #tutorial #aiagents #contributing #github
```
**Tags:** open source contribution, SKILL.md, agentskills, cybersecurity, tutorial, GitHub, pull request, AI agents, security skills, Claude Code, how to contribute, beginner friendly
---
## Production Notes
### Recording Setup
- **Screen recording:** OBS Studio (free) or ScreenFlow (Mac)
- **Audio:** External USB microphone recommended; record in quiet room
- **Resolution:** 1920x1080 minimum, 4K preferred
- **Frame rate:** 30fps for screen recordings
- **Format:** MP4 (H.264) for upload
### Editing Checklist
- [ ] Add title cards at beginning and end
- [ ] Add subscribe/star callout overlays
- [ ] Speed up typing sections (1.5-2x) to maintain pacing
- [ ] Add chapter markers for YouTube
- [ ] Add captions/subtitles (YouTube auto-captions + manual review)
- [ ] Include repo link as pinned comment
### Thumbnail Design
- High contrast text on dark background
- Include "611 Skills" or key number
- Show terminal/code screenshot in background
- Use consistent branding across all 3 videos
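Review bot: the closing narration of Video 2 says "611 skills covering 12 cybersecurity subdomains", while the other launch files removed in this commit give 24 subdomains. A deletion needs no fix, but if these scripts are archived elsewhere rather than dropped, correct the figure first. The Video 1 installation segment also leaves the actual install step as "[Screen: showing .claude/skills or equivalent configuration]", so confirm that the retained docs spell that step out before this copy goes away.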
-22
View File
@@ -1,22 +0,0 @@
{
"name": "anthropic-cybersecurity-skills",
"version": "1.0.0",
"description": "Open-source database of 607+ cybersecurity skills for AI agents and security practitioners",
"author": "mukul975",
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git"
},
"keywords": [
"cybersecurity",
"ai-skills",
"agent-skills",
"skill-database",
"claude",
"anthropic"
],
"dependencies": {
"@anthropic-ai/claude-code": "^2.1.50"
}
}
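Review bot: the commit title says repo config is kept, yet this hunk deletes what appears to be the package manifest, so the commit message should say why it counts as unnecessary. Two details in the hunk support the removal and are worth recording there: `description` says "607+" skills where the other removed files say 611, and `dependencies` pins `@anthropic-ai/claude-code` at `^2.1.50` although the launch copy removed in this same commit describes the repository as "Pure Markdown + YAML. No build system, no dependencies." Before merging, check that no retained install instructions or tooling read the `name` or `version` fields.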