Anthropic Cybersecurity Skills: The Binder Behind a Senior Analyst


TL;DR

  • What it solves: AI agents can run shells and write code, but they do not know what to run when a memory dump arrives. This repo gives them the playbook a junior analyst would open.
  • Why it matters: Without a playbook, the agent improvises. With one, it follows the same steps a senior DFIR analyst would, including the prerequisites and the verification step.
  • Best for: Security teams whose agent already has tool access (Volatility3, Splunk, BloodHound, kubectl) and needs structured workflows, not more LLM creativity.
  • Main differentiator: Every one of the 754 skills is mapped across five frameworks at once - MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF. One skill, five compliance checkboxes.
  • Best use case: Hand “analyze this memory dump for credential theft” to an agent that loaded the repo. It picks performing-memory-forensics-with-volatility3, runs the plugins in order, and maps the findings to ATT&CK T1003.

A friend who just made senior DFIR has a Friday ritual. A junior calls about a suspicious memory dump. He says one thing. “Open the binder.”

The junior opens a shared Doc, finds the memory-forensics section, and starts reading. Half an hour later the dump is parsed correctly. The binder is the difference between “I think we should run Volatility” and “I ran windows.malfind, windows.pslist, and windows.netscan in that order because the binder said to.”

His AI agent has none of that binder. It has Claude in a terminal, a Volatility3 install, and good intentions. So it guesses. Anthropic Cybersecurity Skills is the binder, retyped for the agent.

Heads up: the name. This is a community project by Mahipal Jangra. Not affiliated with Anthropic PBC. The README says so in the first paragraph. I am repeating it here so nobody emails Anthropic when something breaks.

What This Repo Physically Is

A folder of 754 Markdown files. Each lives in skills/{kebab-case-name}/SKILL.md, with optional references/, scripts/, and assets/ next to it. Every file has a YAML frontmatter block and a body with four predictable sections: When to Use, Prerequisites, Workflow, Verification.

The Python code in the repo is the tooling around the skills - mappings, indexers, validation. The skills themselves are not code. They are documentation an agent reads, then acts on.

Twenty-six security domains. Cloud Security has 60 skills. Threat Hunting has 55. OT/ICS has 28. Deception Technology has 2. The numbers are not symmetric on purpose - they reflect what real practitioners actually do, and how many people have contributed in each area so far.

The Mental Model

The bartender at a hotel does not know every cocktail. They know about thirty. The other four hundred live in a binder behind the bar. A guest orders a Sazerac, the bartender pulls the binder to the right page, and the drink comes out the same as if a Michelin sommelier mixed it. The binder did not make the bartender smarter. It made the bar consistent.

That is the trick. The agent does not become a senior analyst. The skill does. The agent just has to read it carefully.

What An Actual Skill Looks Like

This is the frontmatter of one skill, lifted from the README. It is around 30 tokens for an agent to scan:

---
name: performing-memory-forensics-with-volatility3
description: >-
  Analyze memory dumps to extract running processes, network connections,
  injected code, and malware artifacts using the Volatility3 framework.
domain: cybersecurity
subdomain: digital-forensics
tags: [forensics, memory-analysis, volatility3, incident-response, dfir]
atlas_techniques: [AML.T0047]
d3fend_techniques: [D3-MA, D3-PSMD]
nist_ai_rmf: [MEASURE-2.6]
nist_csf: [DE.CM-01, RS.AN-03]
version: "1.2"
author: mukul975
license: Apache-2.0
---

Below the frontmatter is a workflow that tells the agent which Volatility3 plugin to run first, what output to expect, when to escalate, and how to confirm credential theft instead of just suspecting it. That body is 500 to 2,000 tokens. The agent only loads it after the frontmatter has matched the task.

This is the design choice that makes the library actually usable: progressive disclosure. The agent scans all 754 frontmatters in a single pass without melting its context window, picks the top three, then loads the full workflow for the one it commits to.
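The two-stage lookup described above, as an added example (not code from the repository or the agentskills.io loader). The keyword-overlap scoring, the short descriptions and tags for the last three skills, and the name auditing-kubernetes-rbac-example are assumptions made for the demo; section names are matched as plain substrings because the article does not show the body's heading syntax.

```python
import re

SECTIONS = ["When to Use", "Prerequisites", "Workflow", "Verification"]
BODY = "\n\n".join(f"{s}\n(steps go here)" for s in SECTIONS)
# Constructed demo data: (name, tags, description). Only the first description is from the article.
SKILLS = [
    ("performing-memory-forensics-with-volatility3", "forensics, memory-analysis, volatility3",
     "Analyze memory dumps to extract running processes, network connections,\n"
     "  injected code, and malware artifacts using the Volatility3 framework."),
    ("hunting-for-credential-dumping-lsass", "lsass", "LSASS memory access by credential dumpers."),
    ("analyzing-windows-event-logs-for-credential-access", "windows", "Review Windows logon events."),
    ("auditing-kubernetes-rbac-example", "kubernetes, rbac", "Review cluster role bindings."),
]
LIBRARY = {n: f"---\nname: {n}\ndescription: >-\n  {d}\ntags: [{t}]\n---\n{BODY}\n"
           for n, t, d in SKILLS}

def parse_frontmatter(text):
    """Parse the YAML subset the sample uses: scalars, inline lists, >- folds."""
    meta, key = {}, None
    for line in text.split("---\n", 2)[1].splitlines():
        if line.startswith(" ") and key:  # continuation line of a folded scalar
            meta[key] = f"{meta[key]} {line.strip()}".strip()
            continue
        key, _, val = (p.strip() for p in line.partition(":"))
        if val.startswith("["):
            meta[key] = [v.strip() for v in val[1:-1].split(",")]
        else:
            meta[key] = "" if val.startswith(">") else val.strip('"')
    return meta

def words(s):
    """Crude normaliser: lowercase tokens of 4+ characters, trailing 's' removed."""
    return {w.rstrip("s") for w in re.findall(r"[a-z0-9]{4,}", s.lower())}

def rank(task, library, k=3):
    """Stage 1: score each skill on its frontmatter alone; return the top k names."""
    want, score = words(task), {}
    for m in map(parse_frontmatter, library.values()):
        score[m["name"]] = len(want & words(" ".join([m["name"], m["description"], *m["tags"]])))
    return sorted((n for n in score if score[n]), key=lambda n: (-score[n], n))[:k]

def load_workflow(text):
    """Stage 2: load the chosen skill's body; refuse it if a section is missing."""
    body = text.split("---\n", 2)[2]
    if missing := [s for s in SECTIONS if s not in body]:
        raise ValueError(f"skill body missing: {missing}")
    return body

if __name__ == "__main__":
    print(rank("Analyze this memory dump for signs of credential theft.", LIBRARY))
```

Only the winner of stage 1 is passed to load_workflow, so a skill whose body lacks Prerequisites or Verification is rejected before the agent acts on it.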

Quickstart

The README offers two paths. Pick one.

# Recommended: install via the agentskills.io standard
npx skills add mukul975/Anthropic-Cybersecurity-Skills

# Or just clone if you want to read first
git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git

After that, point any compatible agent at the folder. The README lists 26+ platforms - Claude Code, GitHub Copilot, Cursor, Codex CLI, Gemini CLI, Continue, Aider, Cline, Devin, Replit Agent, the major SDKs - none of which need extra glue if they already speak the standard.

What An Agent Conversation Looks Like

This is the example flow from the README, kept short:

You:    Analyze this memory dump for signs of credential theft.

Agent:  [scans 754 frontmatters ~30 tokens each]
        [picks: performing-memory-forensics-with-volatility3,
                hunting-for-credential-dumping-lsass,
                analyzing-windows-event-logs-for-credential-access]
        [loads full Workflow for the top match]
        [runs Volatility3 plugins in the prescribed order]
        [maps findings to ATT&CK T1003]
        [returns: verified IOCs, framework-tagged]

Without the binder the same prompt produces a confident paragraph about how Volatility “can be used” for memory analysis. The agent will then ask you which plugin to start with.

Five Frameworks On One Skill

This part sounds like compliance theater until you have lived through an audit. Then it stops sounding like that.

| Framework | What it gives you | Why an agent should care |
|---|---|---|
| MITRE ATT&CK | Attacker TTP labels | So the report has the same vocabulary as the SOC |
| NIST CSF 2.0 | Govern/Identify/Protect/… | So the finding plugs into the GRC report |
| MITRE ATLAS | ML/AI adversarial tactics | So agentic threats stop being “miscellaneous” |
| MITRE D3FEND | Defensive countermeasures | So the agent can recommend a control, not a vibe |
| NIST AI RMF | AI risk management | So the GenAI Profile audit has evidence |

One skill, five tags. The same memory-forensics workflow drops a NIST CSF DE.CM-01 and a D3FEND D3-MA into the same report. No other open-source skills library currently does the five-way mapping. That is the moat.

Where It Fits, Where It Does Not

Use it when:

  • Your agent already has tool access and a shell, but improvises on procedure.
  • You need the report to land in ATT&CK + NIST language without manual relabeling.
  • You want senior-level workflows that newer engineers (and agents) can re-run identically.

Skip it when:

  • You wanted exploit code or wordlists. This is not that. There is no payloads.txt.
  • You don’t run any AI agent yet. The skills will read fine to a human, but the format is tuned for machine discovery.
  • Your stack is so custom that off-the-shelf workflows have to be rewritten anyway.

The Rough Edges

The repo is moving fast - 754 skills today, 734 in the v1.0.0 tag from March. Domain coverage is uneven on purpose. Deception Technology has 2 skills. Compliance & Governance has 5. The README says explicitly these are where new contributors should start.

The framework mappings drift. ATT&CK v19 lands April 28, 2026 and splits Defense Evasion into Stealth and Impair Defenses. The README notes that skill mappings will be updated in a forthcoming release. Until they are, expect a small lag.

The Python tooling is the supporting cast. 99.6% of commits are Python by line count, but the value is in the Markdown. If you go looking for an enormous framework, you will be disappointed in a way that is actually a compliment.

And one practical caveat: 30 tokens per frontmatter times 754 skills is around 23k tokens just to scan once. On models with smaller context, you will want the agentskills.io loader to do the matching, not the model.

Final Thoughts

The bartender does not get smarter. The bar gets consistent. After a year, every Sazerac tastes the same and nobody has to be impressed by the head bartender anymore.

The agent does not become a senior DFIR analyst. The investigation gets consistent. After a quarter, the memory dumps get parsed the same way, the LSASS hunts run in the same order, and the reports land in the same framework language. Somebody, eventually, asks: who needed the senior?

That is the binder.


mukul975/Anthropic-Cybersecurity-Skills · Apache-2.0 · 9.6k · docs

Hoang Yell

A software developer and technical storyteller. I spend my time exploring the most interesting open-source repositories on GitHub and presenting them as accessible stories for everyone.