mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-14 11:51:16 +03:00
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2.2 KiB
2.2 KiB
API Reference — MCP Server Auditing
mcp-scan CLI (Invariant Labs)
Run via uvx (no global install): uvx mcp-scan@latest
| Command | Description |
|---|---|
mcp-scan / mcp-scan scan [config] |
Statically scan MCP configs for poisoning, shadowing, rug pulls, toxic flows |
mcp-scan inspect [config] |
Print tool/prompt/resource descriptions without verification |
mcp-scan proxy |
Runtime proxy: monitor and guardrail MCP traffic (requires [proxy] extra) |
--json |
Emit machine-readable JSON report |
Examples:
uvx mcp-scan@latest ~/.vscode/mcp.json
uvx mcp-scan@latest inspect ~/.cursor/mcp.json
uvx --with "mcp-scan[proxy]" mcp-scan@latest proxy
mcp-scan features: tool pinning (hash-based rug-pull detection), cross-origin escalation checks, toxic-flow analysis.
MCP Python SDK
Install: pip install mcp
| API | Description |
|---|---|
StdioServerParameters(command, args) |
Define a stdio MCP server to launch |
stdio_client(params) |
Async context manager yielding (read, write) streams |
ClientSession(read, write) |
MCP client session |
session.initialize() |
Perform MCP handshake |
session.list_tools() |
Return advertised tools (.tools[].name, .description, .inputSchema) |
session.list_prompts() |
List advertised prompts |
session.list_resources() |
List advertised resources |
session.call_tool(name, args) |
Invoke a tool (use for SSRF probing on owned servers) |
Common MCP config locations
| Client | Path |
|---|---|
| Cursor | ~/.cursor/mcp.json |
| VS Code | ~/.vscode/mcp.json |
| Claude Desktop | ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) |
SSRF probe targets (owned systems only)
| Target | Purpose |
|---|---|
http://169.254.169.254/latest/meta-data/ |
AWS instance metadata (IMDS) |
http://metadata.google.internal/ |
GCP metadata |
http://127.0.0.1:<port>/ |
Loopback services |
file:///etc/passwd |
Local file disclosure |
External References
- mcp-scan README: https://github.com/invariantlabs-ai/mcp-scan/blob/main/README.md
- MCP spec: https://modelcontextprotocol.io/specification
- MCP Python SDK: https://github.com/modelcontextprotocol/python-sdk