mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 19:54:37 +03:00
mukul975
8cae0648ec
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):
- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
invocation, guardrails, model/data poisoning, system-prompt leakage,
embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration
Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
50 lines
2.1 KiB
Markdown
50 lines
2.1 KiB
Markdown
# API Reference — Agentic AI Tool Invocation Controls
|
|
|
|
## NVIDIA NeMo Guardrails
|
|
|
|
Install: `pip install nemoguardrails`
|
|
|
|
| API | Description |
|
|
|-----|-------------|
|
|
| `RailsConfig.from_path("./guardrails_config")` | Load rails config (config.yml, prompts.yml, *.co flows) |
|
|
| `RailsConfig.from_content(yaml_content=..., colang_content=...)` | Load config inline |
|
|
| `LLMRails(config)` | Build a guarded LLM wrapper |
|
|
| `rails.generate(messages=[...])` | Run input/output/tool rails around generation |
|
|
| `rails.register_action(fn, name=...)` | Register a custom tool/action under rail control |
|
|
|
|
Built-in flows: `self check input`, `self check output`, `self check facts`. Rail types: `input`, `output`, `dialog`, `retrieval`, `execution/tool`.
|
|
|
|
## jsonschema
|
|
|
|
Install: `pip install jsonschema`
|
|
|
|
| API | Description |
|
|
|-----|-------------|
|
|
| `validate(instance=args, schema=schema)` | Raise `ValidationError` if args violate schema |
|
|
| `additionalProperties: false` | Deny-by-default extra arguments |
|
|
| `pattern` / `maxLength` / `enum` | Constrain argument values (e.g. recipient domain allowlist) |
|
|
|
|
## AWS STS (boto3) — scoped identity
|
|
|
|
Install: `pip install boto3`
|
|
|
|
| API | Description |
|
|
|-----|-------------|
|
|
| `sts.assume_role(RoleArn, RoleSessionName, Policy, DurationSeconds)` | Assume a role with an inline session policy that *further restricts* permissions |
|
|
| `DurationSeconds=900` | Short-lived (15 min) credentials, least privilege |
|
|
| `boto3.Session(aws_access_key_id=..., aws_session_token=...)` | Use the scoped creds for the tool call |
|
|
|
|
## Policy decision contract
|
|
|
|
| Decision | Meaning | Action |
|
|
|----------|---------|--------|
|
|
| `allow` | Allowlisted, args valid, low impact | Execute tool |
|
|
| `require_approval` | High-impact tool | Route to human-in-the-loop, fail-closed |
|
|
| `deny` | Unknown tool or invalid args | Reject and log |
|
|
|
|
## External References
|
|
|
|
- NeMo Guardrails docs: https://docs.nvidia.com/nemo/guardrails/
|
|
- jsonschema docs: https://python-jsonschema.readthedocs.io/
|
|
- OWASP Agentic AI Top 10: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/
|