Cybersecurity Skills (754)

by mukul975 · mukul975/Anthropic-Cybersecurity-Skills

754 structured defensive cybersecurity skills mapped to MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF — turn AI agents into a security team you can audit.

A defensive cybersecurity skill library following the agentskills.io standard. Covers 26 security domains (IR, threat hunting, vulnerability management, AppSec, GRC, AI security) with each skill linked to multiple frameworks so you can prove auditor-grade traceability. Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI, and 20+ other agent platforms.

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "anthropic-cybersecurity-skills": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
        "~/.claude/skills/cybersecurity-skills"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "anthropic-cybersecurity-skills": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
        "~/.claude/skills/cybersecurity-skills"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "anthropic-cybersecurity-skills": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
        "~/.claude/skills/cybersecurity-skills"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "anthropic-cybersecurity-skills": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
        "~/.claude/skills/cybersecurity-skills"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "anthropic-cybersecurity-skills",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
        "~/.claude/skills/cybersecurity-skills"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "anthropic-cybersecurity-skills": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
          "~/.claude/skills/cybersecurity-skills"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add anthropic-cybersecurity-skills -- git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills ~/.claude/skills/cybersecurity-skills

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use Cybersecurity Skills (754)

Run a NIST IR-aligned response on a suspected compromise

👤 Solo SREs / small SOCs without a runbook library ⏱ ~90 min advanced

When to use: An alert fired and you need a structured response, not panic-googling.

Prerequisites
  • Skill installed — git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills ~/.claude/skills/cybersecurity-skills
Flow
  1. Triage
    Use the IR skill. Suspected compromise on host X — guide me through NIST SP 800-61 R2 phases. Stop after Containment.
    → Phase-by-phase checklist with concrete commands
  2. Collect
    What evidence should I capture before isolating the host? Give me the exact osquery / GRR commands.
    → Specific commands; no hand-waving
  3. Document
    Generate the IR report scaffold mapped to MITRE ATT&CK techniques observed.
    → Report with mapped TTPs

Outcome: A defensible IR record linked to standards.

Pitfalls
  • Skill suggests offensive steps — It shouldn't — it's defensive-only. If you see anything offensive, that's a bug; report upstream.
Combine with: filesystem

Run an OWASP-aligned AppSec review on a service

👤 Devs without a dedicated security team ⏱ ~120 min advanced

When to use: Pre-launch — you need a review you can defend in an audit.

Flow
  1. Inventory
    Use the AppSec skill on /service/. Map the attack surface (auth, data flows, deps, infra).
    → Attack surface map with annotations
  2. Threat-model
    STRIDE the surface. Output the threats with likelihood and impact.
    → STRIDE table
  3. Mitigation plan
    For HIGH likelihood threats, propose mitigations with NIST CSF mapping.
    → Plan with control IDs

Outcome: An AppSec review with audit-ready citations.

Pitfalls
  • Generic mitigations that don't fit your stack — Pass repo paths; skill tailors to detected language/framework
Combine with: github

Defensive review of an AI feature you're shipping

👤 Teams building AI features ⏱ ~90 min advanced

When to use: You're shipping an LLM feature; you want a NIST AI RMF + MITRE ATLAS review.

Flow
  1. Profile risks
    Use the AI security skill. List ATLAS risks relevant to a chat assistant with tool calls.
    → Tactic-grouped risks (prompt injection, model evasion, supply chain)
  2. Defenses
    For each risk, propose specific defenses with NIST AI RMF function (Govern/Map/Measure/Manage).
    → Defenses with function tags
  3. Test plan
    Write a red-team test plan I can hand to a contractor.
    → Plan with concrete attacks to try

Outcome: Pre-launch AI security baseline.

Pitfalls
  • Skill prescribes controls that double your latency — It tags severity; tier-1 controls only for v1 launch

Combinations

Pair with other MCPs for 10x leverage

anthropic-cybersecurity-skills + github

File security findings as issues

Open a GitHub issue per HIGH finding, with NIST CSF reference.

anthropic-cybersecurity-skills + filesystem

Persist reports as audit evidence

Save the IR report to /security/reports/$(date +%F)/.

Tools

What this MCP exposes

Tool | Inputs | When to call | Cost
ir.runbook | phase, scenario | During an incident | 0
appsec.review | path | Pre-launch / quarterly | 0
ai.atlas_review | feature_description | Before shipping AI features | 0
framework.map | finding, target_framework | Audit prep | 0

Cost & Limits

What this costs to run

API quota: N/A — local skill
Tokens per call: Comprehensive reviews: 20–50k tokens
Monetary: Free (Apache 2.0)
Tip: For routine work, scope to one domain (just IR, just AppSec) to keep cost bounded

Security

Permissions, secrets, blast radius

Minimum scopes: filesystem-read
Credential storage: None
Data egress: Local

Troubleshooting

Common errors and fixes

Output is too generic

Provide specific paths, alert text, or service description; skill tailors to context

Framework mapping cites a control that doesn't exist

Pass --framework-version to pin to a specific revision (e.g. NIST CSF 2.0)

Skill flags too many findings

Filter by severity ≥ HIGH for first pass

Alternatives

Cybersecurity Skills (754) vs others

Alternative | When to use it instead | Tradeoff
agamm/claude-code-owasp | You only need OWASP coverage | Narrower; this skill spans 5 frameworks
Hire a vCISO / contractor | You need accountable sign-off | Skill enables your team; not a replacement for human authority
