
from Anthropic Cybersecurity Skills (23,316)
Conducts comprehensive cybersecurity risk assessments using the NIST SP 800-30 Rev 1 methodology to identify threats, vulnerabilities, and impact.
This skill enables an agent to perform a defensible, structured cybersecurity risk assessment. Unlike simple maturity scoring, it analyzes specific threat sources, events, and vulnerabilities to determine the likelihood and impact of adverse events, ultimately producing a prioritized risk register.
Use this skill when an organization requires a formal risk analysis to support NIST CSF, ISO 27001, or SOC 2 compliance. It is ideal for assessing the risk profile of new systems before go-live or performing annual enterprise risk refreshes for leadership reporting.
scripts/process.py for scoring and ranking risk registers.
Designed for agents supporting the agentskills.io standard, including Claude Code, GitHub Copilot, Codex CLI, Cursor, and Gemini CLI.
This skill has not been reviewed by our automated audit pipeline yet.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Evaluating Threat Intelligence Platforms
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
Testing for XSS Vulnerabilities with Burp Suite
Guided workflow to identify, validate, and document reflected, stored, and DOM-based XSS using Burp Suite (scanner, repeater, intruder, DOM Invader).
Hunting for Cobalt Strike Beacons
Detect Cobalt Strike beacon network activity using TLS certificate signatures, JA3/JA3S/JARM fingerprints, HTTP profile matching, and timing analysis in Zeek/Su
Conducting Domain Persistence with DCSync
Guided procedures to identify DCSync-capable accounts and extract Active Directory credential hashes (KRBTGT, admin) for authorized red-team testing and validat
Testing for JSON Web Token (JWT) Vulnerabilities
Techniques and checks to find and exploit common JWT misconfigurations (alg none, alg confusion, kid/JKU injection, weak secrets).