mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-10 21:24:56 +03:00

Files

T

mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders

2026-03-10 21:02:12 +01:00

1.3 KiB

Raw Permalink Blame History

API Reference: Implementing API Key Security Controls

Secure Key Generation

import secrets, hashlib
key = f"sk_{secrets.token_hex(32)}"
key_hash = hashlib.sha256(key.encode()).hexdigest()  # Store hash only

Leaked Key Patterns

Pattern	Service
`sk_live_[a-zA-Z0-9]{24,}`	Stripe
`AKIA[0-9A-Z]{16}`	AWS
`AIza[0-9A-Za-z_-]{35}`	Google
`ghp_[a-zA-Z0-9]{36}`	GitHub PAT
`sk-[a-zA-Z0-9]{48}`	OpenAI

Key Rotation Policy

Criteria	Threshold	Severity
Key age > 90 days	Rotation required	HIGH
Unused > 30 days	Revocation candidate	MEDIUM
Wildcard scope	Scope reduction needed	HIGH
Shared across IPs	Possible leak	HIGH

TruffleHog Scanning

trufflehog filesystem --directory /path/to/code --json
trufflehog git https://github.com/org/repo --json

GitHub Secret Scanning API

curl -H "Authorization: token $TOKEN" \
  https://api.github.com/repos/OWNER/REPO/secret-scanning/alerts

References

GitHub Secret Scanning: https://docs.github.com/en/code-security/secret-scanning
TruffleHog: https://github.com/trufflesecurity/trufflehog
OWASP API Key Management: https://cheatsheetseries.owasp.org/cheatsheets/API_Security_Cheat_Sheet.html

1.3 KiB Raw Permalink Blame History

API Reference: Implementing API Key Security Controls

Secure Key Generation

Leaked Key Patterns

Key Rotation Policy

TruffleHog Scanning

GitHub Secret Scanning API

References

1.3 KiB

Raw Permalink Blame History