Skill

implementing-deception-based-detection-with-canarytoken

Deploys and monitors Canary Tokens via Thinkst Canary API for deception-based breach detection using web bug, DNS, document, and AWS key tokens.

Python

security

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Canary Tokens are lightweight tripwire mechanisms that alert when an attacker accesses a resource. This skill uses the Thinkst Canary REST API to programmatically create tokens (web bugs, DNS tokens, MS Word documents, AWS API keys), deploy them to strategic locations, monitor for triggered alerts, and generate deception coverage reports.

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Implementing Deception-Based Detection with Canarytoken

Overview

When to Use

When deploying or configuring implementing deception based detection with canarytoken capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

Prerequisites

Thinkst Canary Console or canarytokens.org account
API auth token from Canary Console
Python 3.9+ with requests
File system access for deploying document and file tokens

Steps

Authenticate to the Canary Console API using auth_token
Create web bug (HTTP) tokens for embedding in documents and web pages
Create DNS tokens for monitoring DNS resolution attempts
Create MS Word document tokens for file share deployment
List all active tokens and their trigger history
Query recent alerts for triggered token events
Generate deception coverage report with deployment recommendations

Expected Output

JSON report listing all deployed Canary Tokens, trigger history, alert details, and coverage analysis
Deployment map showing token types across network segments