By 5mehulhelp5
607+ cybersecurity skills covering web security, pentesting, DFIR, threat intelligence, cloud security, malware analysis, and more.
Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege escalation, persistence mechanisms, and lateral movement using SPL queries mapped to MITRE ATT&CK techniques. Use when SOC analysts need to investigate Windows-based threats, build detection queries, or perform forensic timeline analysis of Windows endpoints and domain controllers.
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.
Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history, detect renamed or masquerading binaries, and identify suspicious program execution patterns.
Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and evidence of system compromise.
Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable media and network shares, and establish user interaction with directories even after deletion using SBECmd and ShellBags Explorer.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
734+ cybersecurity skills for AI agents · agentskills.io open standard
Warning: Community Project -- Not affiliated with Anthropic PBC. This is an independent, community-created collection. "Anthropic" in the repository name refers to the agentskills.io standard compatibility, not official Anthropic affiliation.
The largest open-source collection of cybersecurity skills for AI agents. Every skill follows the agentskills.io open standard and works instantly with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI, and 20+ other platforms.
Method 1: npx skills
npx skills add mukul975/Anthropic-Cybersecurity-Skills
Method 2: Claude Code plugin
/plugin marketplace add mukul975/Anthropic-Cybersecurity-Skills
Method 3: Manual clone
git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
| Category | Skills | Example Skills |
|---|---|---|
| Cloud Security | 48 | AWS S3 Bucket Audit, Azure AD Configuration, GCP Security Assessment |
| Threat Intelligence | 43 | APT Group Analysis with MITRE Navigator, Campaign Attribution, Dark Web Monitoring |
| Web Application Security | 41 | HTTP Request Smuggling, XSS with Burp Suite, Web Cache Poisoning |
| Threat Hunting | 35 | Credential Dumping Detection, DNS Tunneling with Zeek, Living-off-the-Land Binaries |
| Malware Analysis | 34 | Cobalt Strike Beacon Config, Ghidra Reverse Engineering, YARA Rule Development |
| Digital Forensics | 34 | Disk Imaging with dd/dcfldd, Memory Forensics with Volatility3, Browser Forensics |
| SOC Operations | 33 | Windows Event Log Analysis, Splunk Detection Rules, SIEM Use Case Implementation |
| Network Security | 33 | Wireshark Traffic Analysis, VLAN Segmentation, Suricata IDS Configuration |
| Identity & Access Management | 33 | SAML SSO with Okta, Privileged Access Management, RBAC for Kubernetes |
| OT/ICS Security | 28 | SCADA System Attack Detection, Modbus Anomaly Detection, Purdue Model Segmentation |
| API Security | 28 | API Enumeration Detection, BOLA Exploitation, GraphQL Security Assessment |
| Container Security | 26 | Trivy Image Scanning, Falco Runtime Detection, Kubernetes Pod Security |
| Vulnerability Management | 24 | DefectDojo Dashboard, CVSS Scoring, Patch Management Workflow |
| Red Teaming | 24 | Sliver C2 Framework, BloodHound AD Analysis, Kerberoasting with Impacket |
| Incident Response | 24 | Ransomware Response, Cloud Incident Containment, Volatile Evidence Collection |
| Penetration Testing | 23 | External Network Pentest, Kubernetes Pentest, Active Directory Pentest |
| Zero Trust Architecture | 17 | HashiCorp Boundary, Zscaler ZTNA, BeyondCorp Access Model |
| Endpoint Security | 16 | CIS Benchmark Hardening, Windows Defender Configuration, Host-Based IDS |
| DevSecOps | 16 | GitLab CI Pipeline, Semgrep Custom SAST Rules, Secret Scanning with Gitleaks |
| Phishing Defense | 16 | Email Header Analysis, GoPhish Simulation, DMARC/DKIM/SPF Configuration |
| Cryptography | 13 | TLS 1.3 Configuration, HSM Key Storage, Certificate Authority with OpenSSL |
| Mobile Security | 12 | iOS App Analysis with Objection, Android Malware Reverse Engineering, Frida Hooking |
| Ransomware Defense | 5 | Ransomware Precursor Detection, Backup Strategy, Honeypot Detection |
| Compliance & Governance | 5 | GDPR Data Protection, ISO 27001 ISMS, PCI DSS Controls |
Each skill follows the agentskills.io progressive disclosure pattern. During discovery, an AI agent reads only the YAML frontmatter (~30-50 tokens) to decide relevance:
---
name: performing-memory-forensics-with-volatility3
description: Analyze memory dumps to extract processes, network connections, and malware artifacts using Volatility3.
domain: cybersecurity
subdomain: digital-forensics
tags: [forensics, memory-analysis, volatility3, incident-response]
---
npx claudepluginhub 5mehulhelp5/anthropic-cybersecurity-skillsAgent Skills for AI/ML tasks including dataset creation, model training, evaluation, and research paper publishing on Hugging Face Hub
Detect and drive MageBox-managed Magento/MageOS projects from Claude Code: start/stop services, run custom commands, onboard (clone/fetch/sync), and control PHP — via the magebox CLI.
Manus-style persistent markdown files for planning, progress tracking, and knowledge storage. Works with Claude Code, Kiro, Clawd CLI, Gemini CLI, Cursor, Continue, and 16+ AI coding assistants. Now with Arabic, German, Spanish, and Chinese (Simplified & Traditional) support.
End-to-end Magento 2 engineering skills: scaffold, review, test, fix, deploy, audit, and more. Hub-and-spoke design around magento2-context.
Battle-tested Claude Code plugin for engineering teams — 38 agents, 156 skills, 72 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
The most comprehensive Claude Code plugin — 14+ agents, 56+ skills, 33+ commands, and production-ready hooks for TDD, security scanning, code review, and continuous learning
Lazy senior dev mode. Forces the simplest, shortest solution that actually works: YAGNI, stdlib first, no unrequested abstractions.
Develop, test, build, and deploy Godot 4.x games with Claude Code. Includes GdUnit4 testing, web/desktop exports, CI/CD pipelines, and deployment to Vercel/GitHub Pages/itch.io.
Tools to maintain and improve CLAUDE.md files - audit quality, capture session learnings, and keep project memory current.