MCP App StoreMCP App Store
from Anthropic Cybersecurity Skills13,345
Guided workflow to identify, validate, and document reflected, stored, and DOM-based XSS using Burp Suite (scanner, repeater, intruder, DOM Invader).
Practical, step-by-step guidance for security testers to find and validate cross-site scripting (XSS) vulnerabilities using Burp Suite Professional. Covers proxy setup, mapping, Repeater-based reflection checks, Intruder for stored XSS, DOM Invader for client-side issues, CSP analysis, bypass techniques, and reporting reproducible findings. Includes payload examples and remediation recommendations.
Use this skill during authorized penetration tests, bug bounty assessments, or vulnerability validation tasks when you need to confirm XSS findings, assess CSP effectiveness, or perform thorough client- and server-side XSS analysis. Not for unauthorized scanning.
Inferred compatibility with security-focused agent tooling and platforms that support CLI/scripted workflows (e.g., Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI).
This skill has not been reviewed by our automated audit pipeline yet.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Evaluating Threat Intelligence Platforms
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Evaluating Threat Intelligence Platforms
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Security Research Meta-Methodology
A structured vulnerability research framework distilled from 5600+ security docs, covering web injection, deserialization, binary exploitation, domain pentest,
Input Validation Checker
Automated guidance and code patterns for implementing robust input validation and secure-coding practices (OWASP-aligned).
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
Security Headers Generator
Auto-activating skill that generates and validates security HTTP headers and provides guidance for implementing secure header configurations.
Tabletop Exercise Designer
Design and generate CISA-aligned cybersecurity tabletop exercises, facilitator guides, participant materials, technical atomics, and SOP gap analyses for incide
CTF Web Exploitation
Comprehensive web-exploitation playbook for CTFs: XSS, SQLi, SSTI, SSRF, XXE, JWT abuse, auth bypass, file upload chains, and web-related reconnaissance.