mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-14 19:55:16 +03:00
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
60 lines
2.2 KiB
Markdown
60 lines
2.2 KiB
Markdown
# API Reference — MCP Server Auditing
|
|
|
|
## mcp-scan CLI (Invariant Labs)
|
|
|
|
Run via uvx (no global install): `uvx mcp-scan@latest`
|
|
|
|
| Command | Description |
|
|
|---------|-------------|
|
|
| `mcp-scan` / `mcp-scan scan [config]` | Statically scan MCP configs for poisoning, shadowing, rug pulls, toxic flows |
|
|
| `mcp-scan inspect [config]` | Print tool/prompt/resource descriptions without verification |
|
|
| `mcp-scan proxy` | Runtime proxy: monitor and guardrail MCP traffic (requires `[proxy]` extra) |
|
|
| `--json` | Emit machine-readable JSON report |
|
|
|
|
Examples:
|
|
```bash
|
|
uvx mcp-scan@latest ~/.vscode/mcp.json
|
|
uvx mcp-scan@latest inspect ~/.cursor/mcp.json
|
|
uvx --with "mcp-scan[proxy]" mcp-scan@latest proxy
|
|
```
|
|
|
|
mcp-scan features: tool pinning (hash-based rug-pull detection), cross-origin escalation checks, toxic-flow analysis.
|
|
|
|
## MCP Python SDK
|
|
|
|
Install: `pip install mcp`
|
|
|
|
| API | Description |
|
|
|-----|-------------|
|
|
| `StdioServerParameters(command, args)` | Define a stdio MCP server to launch |
|
|
| `stdio_client(params)` | Async context manager yielding (read, write) streams |
|
|
| `ClientSession(read, write)` | MCP client session |
|
|
| `session.initialize()` | Perform MCP handshake |
|
|
| `session.list_tools()` | Return advertised tools (`.tools[].name`, `.description`, `.inputSchema`) |
|
|
| `session.list_prompts()` | List advertised prompts |
|
|
| `session.list_resources()` | List advertised resources |
|
|
| `session.call_tool(name, args)` | Invoke a tool (use for SSRF probing on owned servers) |
|
|
|
|
## Common MCP config locations
|
|
|
|
| Client | Path |
|
|
|--------|------|
|
|
| Cursor | `~/.cursor/mcp.json` |
|
|
| VS Code | `~/.vscode/mcp.json` |
|
|
| Claude Desktop | `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) |
|
|
|
|
## SSRF probe targets (owned systems only)
|
|
|
|
| Target | Purpose |
|
|
|--------|---------|
|
|
| `http://169.254.169.254/latest/meta-data/` | AWS instance metadata (IMDS) |
|
|
| `http://metadata.google.internal/` | GCP metadata |
|
|
| `http://127.0.0.1:<port>/` | Loopback services |
|
|
| `file:///etc/passwd` | Local file disclosure |
|
|
|
|
## External References
|
|
|
|
- mcp-scan README: https://github.com/invariantlabs-ai/mcp-scan/blob/main/README.md
|
|
- MCP spec: https://modelcontextprotocol.io/specification
|
|
- MCP Python SDK: https://github.com/modelcontextprotocol/python-sdk
|