
mukul975/Anthropic-Cybersecurity-Skills

5.3k
+917/day
684
Python

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

From the README

611+ cybersecurity skills for AI agents · agentskills.io open standard

Warning: Community Project -- Not affiliated with Anthropic PBC. This is an independent, community-created collection. "Anthropic" in the repository name refers to the agentskills.io standard compatibility, not official Anthropic affiliation.

The largest open-source collection of cybersecurity skills for AI agents. Every skill follows the agentskills.io open standard and works instantly with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI, and 20+ other platforms.

Quick Start

Method 1: npx skills

npx skills add mukul975/Anthropic-Cybersecurity-Skills

Method 2: Claude Code plugin

/plugin marketplace add mukul975/Anthropic-Cybersecurity-Skills

Method 3: Manual clone

git clone 

Skill Categories

| Category | Skills | Example Skills |
|----------|-------:|----------------|
| Cloud Security | 48 | AWS S3 Bucket Audit, Azure AD Configuration, GCP Security Assessment |
| Threat Intelligence | 43 | APT Group Analysis with MITRE Navigator, Campaign Attribution, Dark Web Monitoring |
| Web Application Security | 41 | HTTP Request Smuggling, XSS with Burp Suite, Web Cache Poisoning |
| Threat Hunting | 35 | Credential Dumping Detection, DNS Tunneling with Zeek, Living-off-the-Land Binaries |
| Malware Analysis | 34 | Cobalt Strike Beacon Config, Ghidra Reverse Engineering, YARA Rule Development |
| Digital Forensics | 34 | Disk Imaging with dd/dcfldd, Memory Forensics with Volatility3, Browser Forensics |
| SOC Operations | 33 | Windows Event Log Analysis, Splunk Detection Rules, SIEM Use Case Implementation |
| Network Security | 33 | Wireshark Traffic Analysis, VLAN Segmentation, Suricata IDS Configuration |
| Identity & Access Management | 33 | SAML SSO with Okta, Privileged Access Management, RBAC for Kubernetes |
| OT/ICS Security | 28 | SCADA System Attack Detection, Modbus Anomaly Detection, Purdue Model Segmentation |
| API Security | 28 | API Enumeration Detection, BOLA Exploitation, GraphQL Security Assessment |
| Container Security | 26 | Trivy Image Scanning, Falco Runtime Detection, Kubernetes Pod Security |
| Vulnerability Management | 24 | DefectDojo Dashboard, CVSS Scoring, Patch Management Workflow |
| Red Teaming | 24 | Sliver C2 Framework, BloodHound AD Analysis, Kerberoasting with Impacket |
| Incident Response | 24 | Ransomware Response, Cloud Incident Containment, Volatile Evidence Collection |
| Penetration Testing | 23 | External Network Pentest, Kubernetes Pentest, Active Directory Pentest |
| Zero Trust Architecture | 17 | HashiCorp Boundary, Zscaler ZTNA, BeyondCorp Access Model |
| Endpoint Security | 16 | CIS Benchmark Hardening, Windows Defender Configuration, Host-Based IDS |
| DevSecOps | 16 | GitLab CI Pipeline, Semgrep Custom SAST Rules, Secret Scanning with Gitleaks |
| Phishing Defense | 16 | Email Header Analysis, GoPhish Simulation, DMARC/