anthropic-cybersecurity-skills
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
Chineseanthropic-cybersecurity-skills
anthropic-cybersecurity-skills
Overview
概述
The Anthropic Cybersecurity Skills library provides 754 production-grade cybersecurity skills spanning 26 security domains. Each skill is structured following the agentskills.io standard and mapped to five industry frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, MITRE D3FEND, and NIST AI RMF. This enables AI agents to perform security operations with expert-level guidance.
Anthropic网络安全技能库提供了覆盖26个安全领域的754项生产级网络安全技能。每项技能均遵循agentskills.io标准构建,并映射至五大行业框架:MITRE ATT&CK、NIST CSF 2.0、MITRE ATLAS、MITRE D3FEND和NIST AI RMF。这使得AI Agent能够在专家级指导下执行安全运营任务。
Installation
安装
bash
undefinedbash
undefinedOption 1: Using npx (recommended)
选项1:使用npx(推荐)
npx skills add mukul975/Anthropic-Cybersecurity-Skills
npx skills add mukul975/Anthropic-Cybersecurity-Skills
Option 2: Git clone
选项2:Git克隆
git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
cd Anthropic-Cybersecurity-Skills
git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
cd Anthropic-Cybersecurity-Skills
Option 3: Add as submodule
选项3:添加为子模块
git submodule add https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git skills/cybersecurity
undefinedgit submodule add https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git skills/cybersecurity
undefinedDirectory Structure
目录结构
skills/
├── {skill-name}/
│ ├── SKILL.md # Skill definition with YAML frontmatter
│ ├── references/
│ │ ├── standards.md # Framework mappings
│ │ └── workflows.md # Technical procedures
│ ├── scripts/
│ │ └── *.py # Helper scripts
│ └── assets/
│ └── *.md # Templates and checklistsskills/
├── {skill-name}/
│ ├── SKILL.md # 包含YAML前置元数据的技能定义文件
│ ├── references/
│ │ ├── standards.md # 框架映射文件
│ │ └── workflows.md # 技术流程文档
│ ├── scripts/
│ │ └── *.py # 辅助脚本
│ └── assets/
│ └── *.md # 模板和检查清单Discovering Skills
技能查找
By Domain
按领域查找
Skills are organized into 26 domains. List all domains:
python
import os
import yaml
def list_domains():
domains = {}
for skill_dir in os.listdir('skills'):
skill_path = f'skills/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
# Extract YAML frontmatter
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
domain = frontmatter.get('domain', 'unknown')
subdomain = frontmatter.get('subdomain', 'general')
if domain not in domains:
domains[domain] = {}
if subdomain not in domains[domain]:
domains[domain][subdomain] = []
domains[domain][subdomain].append(frontmatter['name'])
return domains技能被划分为26个领域。列出所有领域:
python
import os
import yaml
def list_domains():
domains = {}
for skill_dir in os.listdir('skills'):
skill_path = f'skills/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
# 提取YAML前置元数据
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
domain = frontmatter.get('domain', 'unknown')
subdomain = frontmatter.get('subdomain', 'general')
if domain not in domains:
domains[domain] = {}
if subdomain not in domains[domain]:
domains[domain][subdomain] = []
domains[domain][subdomain].append(frontmatter['name'])
return domainsUsage
使用示例
domains = list_domains()
for domain, subdomains in domains.items():
print(f"\n{domain.upper()}")
for subdomain, skills in subdomains.items():
print(f" {subdomain}: {len(skills)} skills")
undefineddomains = list_domains()
for domain, subdomains in domains.items():
print(f"\n{domain.upper()}")
for subdomain, skills in subdomains.items():
print(f" {subdomain}: {len(skills)} 项技能")
undefinedBy Framework Mapping
按框架映射查找
Find skills mapped to specific ATT&CK techniques:
python
def find_by_attack_technique(technique_id):
"""Find skills mapped to a specific ATT&CK technique"""
matching_skills = []
for skill_dir in os.listdir('skills'):
skill_path = f'skills/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
# Check ATT&CK mappings in references
refs_path = f'skills/{skill_dir}/references/standards.md'
if os.path.exists(refs_path):
with open(refs_path, 'r') as ref_file:
if technique_id in ref_file.read():
matching_skills.append({
'name': frontmatter['name'],
'description': frontmatter['description'],
'path': skill_path
})
return matching_skills查找映射至特定ATT&CK技术的技能:
python
def find_by_attack_technique(technique_id):
"""查找映射至特定ATT&CK技术的技能"""
matching_skills = []
for skill_dir in os.listdir('skills'):
skill_path = f'skills/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
# 检查参考文档中的ATT&CK映射
refs_path = f'skills/{skill_dir}/references/standards.md'
if os.path.exists(refs_path):
with open(refs_path, 'r') as ref_file:
if technique_id in ref_file.read():
matching_skills.append({
'name': frontmatter['name'],
'description': frontmatter['description'],
'path': skill_path
})
return matching_skillsUsage
使用示例
skills = find_by_attack_technique('T1003') # Credential Dumping
for skill in skills:
print(f"{skill['name']}: {skill['description']}")
undefinedskills = find_by_attack_technique('T1003') # 凭证窃取
for skill in skills:
print(f"{skill['name']}: {skill['description']}")
undefinedBy Tags
按标签查找
Search skills by tags:
python
def search_by_tags(search_tags):
"""Find skills matching any of the provided tags"""
results = []
for skill_dir in os.listdir('skills'):
skill_path = f'skills/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
skill_tags = frontmatter.get('tags', [])
if any(tag in skill_tags for tag in search_tags):
results.append(frontmatter)
return results通过标签搜索技能:
python
def search_by_tags(search_tags):
"""查找匹配任意指定标签的技能"""
results = []
for skill_dir in os.listdir('skills'):
skill_path = f'skills/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
skill_tags = frontmatter.get('tags', [])
if any(tag in skill_tags for tag in search_tags):
results.append(frontmatter)
return resultsUsage
使用示例
malware_skills = search_by_tags(['malware-analysis', 'reverse-engineering'])
for skill in malware_skills:
print(f"{skill['name']}: {', '.join(skill['tags'])}")
undefinedmalware_skills = search_by_tags(['malware-analysis', 'reverse-engineering'])
for skill in malware_skills:
print(f"{skill['name']}: {', '.join(skill['tags'])}")
undefinedLoading and Executing Skills
技能加载与执行
Progressive Loading Pattern
渐进式加载模式
Load only frontmatter first (low token cost), then full content when needed:
python
class SkillLoader:
def __init__(self, skills_dir='skills'):
self.skills_dir = skills_dir
def scan_all_frontmatter(self):
"""Scan all skill frontmatter (~30 tokens each)"""
skills_index = []
for skill_dir in os.listdir(self.skills_dir):
skill_path = f'{self.skills_dir}/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
frontmatter['path'] = skill_path
skills_index.append(frontmatter)
return skills_index
def load_full_skill(self, skill_name):
"""Load complete skill content (~500-2000 tokens)"""
skill_path = f'{self.skills_dir}/{skill_name}/SKILL.md'
with open(skill_path, 'r') as f:
content = f.read()
# Parse frontmatter and body
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
body = content[yaml_end + 3:].strip()
return {
'metadata': frontmatter,
'content': body,
'references': self._load_references(skill_name),
'scripts': self._load_scripts(skill_name)
}
def _load_references(self, skill_name):
"""Load framework mappings and workflows"""
refs = {}
refs_dir = f'{self.skills_dir}/{skill_name}/references'
if os.path.exists(refs_dir):
for ref_file in os.listdir(refs_dir):
with open(f'{refs_dir}/{ref_file}', 'r') as f:
refs[ref_file.replace('.md', '')] = f.read()
return refs
def _load_scripts(self, skill_name):
"""Load helper scripts"""
scripts = {}
scripts_dir = f'{self.skills_dir}/{skill_name}/scripts'
if os.path.exists(scripts_dir):
for script_file in os.listdir(scripts_dir):
with open(f'{scripts_dir}/{script_file}', 'r') as f:
scripts[script_file] = f.read()
return scripts先仅加载前置元数据(低token消耗),需要时再加载完整内容:
python
class SkillLoader:
def __init__(self, skills_dir='skills'):
self.skills_dir = skills_dir
def scan_all_frontmatter(self):
"""扫描所有技能的前置元数据(每个约30个token)"""
skills_index = []
for skill_dir in os.listdir(self.skills_dir):
skill_path = f'{self.skills_dir}/{skill_dir}/SKILL.md'
if os.path.exists(skill_path):
with open(skill_path, 'r') as f:
content = f.read()
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
frontmatter['path'] = skill_path
skills_index.append(frontmatter)
return skills_index
def load_full_skill(self, skill_name):
"""加载完整技能内容(约500-2000个token)"""
skill_path = f'{self.skills_dir}/{skill_name}/SKILL.md'
with open(skill_path, 'r') as f:
content = f.read()
# 解析前置元数据和正文
if content.startswith('---'):
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
body = content[yaml_end + 3:].strip()
return {
'metadata': frontmatter,
'content': body,
'references': self._load_references(skill_name),
'scripts': self._load_scripts(skill_name)
}
def _load_references(self, skill_name):
"""加载框架映射和流程文档"""
refs = {}
refs_dir = f'{self.skills_dir}/{skill_name}/references'
if os.path.exists(refs_dir):
for ref_file in os.listdir(refs_dir):
with open(f'{refs_dir}/{ref_file}', 'r') as f:
refs[ref_file.replace('.md', '')] = f.read()
return refs
def _load_scripts(self, skill_name):
"""加载辅助脚本"""
scripts = {}
scripts_dir = f'{self.skills_dir}/{skill_name}/scripts'
if os.path.exists(scripts_dir):
for script_file in os.listdir(scripts_dir):
with open(f'{scripts_dir}/{script_file}', 'r') as f:
scripts[script_file] = f.read()
return scriptsUsage
使用示例
loader = SkillLoader()
loader = SkillLoader()
Step 1: Scan all skills (lightweight)
步骤1:扫描所有技能(轻量操作)
all_skills = loader.scan_all_frontmatter()
print(f"Found {len(all_skills)} skills")
all_skills = loader.scan_all_frontmatter()
print(f"找到 {len(all_skills)} 项技能")
Step 2: Find relevant skills
步骤2:查找相关技能
memory_forensics = [s for s in all_skills if 'memory-analysis' in s.get('tags', [])]
memory_forensics = [s for s in all_skills if 'memory-analysis' in s.get('tags', [])]
Step 3: Load top matches fully
步骤3:完整加载匹配度最高的技能
for skill in memory_forensics[:3]:
full_skill = loader.load_full_skill(skill['name'])
print(f"\n{skill['name']}")
print(f"Content length: {len(full_skill['content'])} chars")
undefinedfor skill in memory_forensics[:3]:
full_skill = loader.load_full_skill(skill['name'])
print(f"\n{skill['name']}")
print(f"内容长度: {len(full_skill['content'])} 字符")
undefinedCommon Usage Patterns
常见使用模式
Incident Response Workflow
事件响应流程
python
def incident_response_guide(incident_type):
"""Get relevant IR skills for incident type"""
loader = SkillLoader()
all_skills = loader.scan_all_frontmatter()
# Map incident types to skill domains
incident_mappings = {
'ransomware': ['malware-analysis', 'incident-response', 'forensics'],
'data_breach': ['threat-hunting', 'forensics', 'cloud-security'],
'phishing': ['email-security', 'threat-intelligence', 'endpoint-security'],
'insider_threat': ['behavior-analytics', 'iam', 'forensics']
}
relevant_tags = incident_mappings.get(incident_type, [])
relevant_skills = [
s for s in all_skills
if any(tag in s.get('tags', []) for tag in relevant_tags)
]
# Prioritize by subdomain
prioritized = sorted(
relevant_skills,
key=lambda s: (
s.get('subdomain') == 'incident-response',
len(set(s.get('tags', [])) & set(relevant_tags))
),
reverse=True
)
return prioritized[:5]python
def incident_response_guide(incident_type):
"""获取针对特定事件类型的相关IR技能"""
loader = SkillLoader()
all_skills = loader.scan_all_frontmatter()
# 将事件类型映射至技能领域
incident_mappings = {
'ransomware': ['malware-analysis', 'incident-response', 'forensics'],
'data_breach': ['threat-hunting', 'forensics', 'cloud-security'],
'phishing': ['email-security', 'threat-intelligence', 'endpoint-security'],
'insider_threat': ['behavior-analytics', 'iam', 'forensics']
}
relevant_tags = incident_mappings.get(incident_type, [])
relevant_skills = [
s for s in all_skills
if any(tag in s.get('tags', []) for tag in relevant_tags)
]
# 按子领域优先级排序
prioritized = sorted(
relevant_skills,
key=lambda s: (
s.get('subdomain') == 'incident-response',
len(set(s.get('tags', [])) & set(relevant_tags))
),
reverse=True
)
return prioritized[:5]Usage
使用示例
ransomware_skills = incident_response_guide('ransomware')
for skill in ransomware_skills:
print(f"- {skill['name']}: {skill['description']}")
undefinedransomware_skills = incident_response_guide('ransomware')
for skill in ransomware_skills:
print(f"- {skill['name']}: {skill['description']}")
undefinedATT&CK Technique Coverage
ATT&CK技术覆盖情况
python
def check_attack_coverage(technique_id):
"""Check which skills cover a specific ATT&CK technique"""
loader = SkillLoader()
coverage = []
for skill_dir in os.listdir('skills'):
refs_path = f'skills/{skill_dir}/references/standards.md'
if os.path.exists(refs_path):
with open(refs_path, 'r') as f:
content = f.read()
if technique_id in content:
skill = loader.load_full_skill(skill_dir)
coverage.append({
'name': skill['metadata']['name'],
'description': skill['metadata']['description'],
'domain': skill['metadata']['subdomain']
})
return coveragepython
def check_attack_coverage(technique_id):
"""检查哪些技能覆盖了特定ATT&CK技术"""
loader = SkillLoader()
coverage = []
for skill_dir in os.listdir('skills'):
refs_path = f'skills/{skill_dir}/references/standards.md'
if os.path.exists(refs_path):
with open(refs_path, 'r') as f:
content = f.read()
if technique_id in content:
skill = loader.load_full_skill(skill_dir)
coverage.append({
'name': skill['metadata']['name'],
'description': skill['metadata']['description'],
'domain': skill['metadata']['subdomain']
})
return coverageUsage
使用示例
t1003_coverage = check_attack_coverage('T1003') # Credential Dumping
print(f"Skills covering T1003: {len(t1003_coverage)}")
for skill in t1003_coverage:
print(f" {skill['domain']}: {skill['name']}")
undefinedt1003_coverage = check_attack_coverage('T1003') # 凭证窃取
print(f"覆盖T1003的技能数量: {len(t1003_coverage)}")
for skill in t1003_coverage:
print(f" {skill['domain']}: {skill['name']}")
undefinedMulti-Framework Compliance Check
多框架合规检查
python
def compliance_mapper(skill_name):
"""Show all framework mappings for a skill"""
loader = SkillLoader()
skill = loader.load_full_skill(skill_name)
frameworks = {
'MITRE ATT&CK': skill['metadata'].get('attack_techniques', []),
'NIST CSF 2.0': skill['metadata'].get('nist_csf', []),
'MITRE ATLAS': skill['metadata'].get('atlas_techniques', []),
'MITRE D3FEND': skill['metadata'].get('d3fend_techniques', []),
'NIST AI RMF': skill['metadata'].get('nist_ai_rmf', [])
}
print(f"\nFramework mappings for: {skill_name}\n")
for framework, mappings in frameworks.items():
if mappings:
print(f"{framework}:")
for mapping in mappings:
print(f" - {mapping}")python
def compliance_mapper(skill_name):
"""展示某一技能的所有框架映射"""
loader = SkillLoader()
skill = loader.load_full_skill(skill_name)
frameworks = {
'MITRE ATT&CK': skill['metadata'].get('attack_techniques', []),
'NIST CSF 2.0': skill['metadata'].get('nist_csf', []),
'MITRE ATLAS': skill['metadata'].get('atlas_techniques', []),
'MITRE D3FEND': skill['metadata'].get('d3fend_techniques', []),
'NIST AI RMF': skill['metadata'].get('nist_ai_rmf', [])
}
print(f"\n技能 {skill_name} 的框架映射\n")
for framework, mappings in frameworks.items():
if mappings:
print(f"{framework}:")
for mapping in mappings:
print(f" - {mapping}")Usage
使用示例
compliance_mapper('performing-memory-forensics-with-volatility3')
undefinedcompliance_mapper('performing-memory-forensics-with-volatility3')
undefinedWorking with Skill Scripts
技能脚本使用
Many skills include helper scripts in directories:
scripts/python
import subprocess
import json
def execute_skill_script(skill_name, script_name, **kwargs):
"""Execute a skill's helper script with arguments"""
script_path = f'skills/{skill_name}/scripts/{script_name}'
if not os.path.exists(script_path):
raise FileNotFoundError(f"Script not found: {script_path}")
# Build command with arguments
cmd = ['python', script_path]
for key, value in kwargs.items():
cmd.extend([f'--{key}', str(value)])
# Execute
result = subprocess.run(cmd, capture_output=True, text=True)
return {
'stdout': result.stdout,
'stderr': result.stderr,
'returncode': result.returncode
}许多技能在目录中包含辅助脚本:
scripts/python
import subprocess
import json
def execute_skill_script(skill_name, script_name, **kwargs):
"""带参数执行技能的辅助脚本"""
script_path = f'skills/{skill_name}/scripts/{script_name}'
if not os.path.exists(script_path):
raise FileNotFoundError(f"未找到脚本: {script_path}")
# 构建带参数的命令
cmd = ['python', script_path]
for key, value in kwargs.items():
cmd.extend([f'--{key}', str(value)])
# 执行命令
result = subprocess.run(cmd, capture_output=True, text=True)
return {
'stdout': result.stdout,
'stderr': result.stderr,
'returncode': result.returncode
}Usage example with memory forensics skill
内存取证技能使用示例
result = execute_skill_script(
'performing-memory-forensics-with-volatility3',
'process.py',
dump_file='/path/to/memory.dmp',
plugin='windows.pslist'
)
if result['returncode'] == 0:
print(result['stdout'])
else:
print(f"Error: {result['stderr']}")
undefinedresult = execute_skill_script(
'performing-memory-forensics-with-volatility3',
'process.py',
dump_file='/path/to/memory.dmp',
plugin='windows.pslist'
)
if result['returncode'] == 0:
print(result['stdout'])
else:
print(f"错误: {result['stderr']}")
undefinedEnvironment Configuration
环境配置
Skills that require API keys or credentials reference environment variables:
bash
undefined需要API密钥或凭证的技能会引用环境变量:
bash
undefined.env file for skills requiring external services
用于需要外部服务的技能的.env文件
export VIRUSTOTAL_API_KEY=your_vt_key_here
export SHODAN_API_KEY=your_shodan_key_here
export MISP_URL=https://your-misp-instance.com
export MISP_API_KEY=your_misp_key_here
export SPLUNK_HOST=your-splunk-host
export SPLUNK_TOKEN=your_splunk_token
Load in Python:
```python
import os
from dotenv import load_dotenv
load_dotenv()export VIRUSTOTAL_API_KEY=your_vt_key_here
export SHODAN_API_KEY=your_shodan_key_here
export MISP_URL=https://your-misp-instance.com
export MISP_API_KEY=your_misp_key_here
export SPLUNK_HOST=your-splunk-host
export SPLUNK_TOKEN=your_splunk_token
在Python中加载:
```python
import os
from dotenv import load_dotenv
load_dotenv()Skills will reference these
技能会引用这些变量
vt_key = os.getenv('VIRUSTOTAL_API_KEY')
misp_url = os.getenv('MISP_URL')
undefinedvt_key = os.getenv('VIRUSTOTAL_API_KEY')
misp_url = os.getenv('MISP_URL')
undefinedIntegration Examples
集成示例
With Claude Code / Cursor
与Claude Code / Cursor集成
Place in your project's or :
.claud/.cursorrulesmarkdown
undefined将以下内容放置在项目的或目录中:
.claud/.cursorrulesmarkdown
undefinedCybersecurity Skills Context
网络安全技能上下文
This project has access to 754 cybersecurity skills in the directory.
skills/When I ask security questions:
- Scan skill frontmatter in skills/*/SKILL.md
- Match by domain, subdomain, or tags
- Load top 3 relevant skills fully
- Follow the Workflow sections step-by-step
- Verify results using Verification sections
Example: "analyze this memory dump"
→ load performing-memory-forensics-with-volatility3/SKILL.md
→ execute Volatility3 commands from Workflow
→ validate findings using Verification checklist
undefined本项目可访问目录中的754项网络安全技能。
skills/当我提出安全相关问题时:
- 扫描skills/*/SKILL.md中的技能前置元数据
- 按领域、子领域或标签匹配相关技能
- 完整加载匹配度最高的3项技能
- 逐步遵循Workflow章节中的步骤
- 使用Verification章节验证结果
示例:"分析这个内存转储文件"
→ 加载performing-memory-forensics-with-volatility3/SKILL.md
→ 执行Workflow中的Volatility3命令
→ 使用Verification检查清单验证发现
undefinedWith Custom AI Agent (Python)
与自定义AI Agent(Python)集成
python
class CybersecurityAgent:
def __init__(self, skills_dir='skills'):
self.loader = SkillLoader(skills_dir)
self.skill_index = self.loader.scan_all_frontmatter()
def handle_query(self, user_query):
"""Process security query using relevant skills"""
# Step 1: Find relevant skills
relevant = self._match_skills(user_query)
# Step 2: Load top matches
top_skills = [
self.loader.load_full_skill(s['name'])
for s in relevant[:3]
]
# Step 3: Extract workflow steps
workflows = []
for skill in top_skills:
content = skill['content']
# Extract Workflow section
if '## Workflow' in content:
start = content.index('## Workflow')
end = content.index('##', start + 1) if '##' in content[start + 1:] else len(content)
workflows.append(content[start:end])
return {
'matched_skills': [s['metadata']['name'] for s in top_skills],
'workflows': workflows,
'framework_mappings': self._get_mappings(top_skills)
}
def _match_skills(self, query):
"""Simple keyword matching (replace with semantic search)"""
query_lower = query.lower()
scores = []
for skill in self.skill_index:
score = 0
desc = skill['description'].lower()
tags = ' '.join(skill.get('tags', [])).lower()
# Score by keyword matches
for word in query_lower.split():
if word in desc:
score += 2
if word in tags:
score += 1
if score > 0:
scores.append((score, skill))
return [s for _, s in sorted(scores, reverse=True)]
def _get_mappings(self, skills):
"""Extract framework mappings from loaded skills"""
mappings = {
'attack': set(),
'nist_csf': set(),
'atlas': set()
}
for skill in skills:
meta = skill['metadata']
mappings['attack'].update(meta.get('attack_techniques', []))
mappings['nist_csf'].update(meta.get('nist_csf', []))
mappings['atlas'].update(meta.get('atlas_techniques', []))
return {k: list(v) for k, v in mappings.items()}python
class CybersecurityAgent:
def __init__(self, skills_dir='skills'):
self.loader = SkillLoader(skills_dir)
self.skill_index = self.loader.scan_all_frontmatter()
def handle_query(self, user_query):
"""使用相关技能处理安全查询"""
# 步骤1:查找相关技能
relevant = self._match_skills(user_query)
# 步骤2:加载匹配度最高的技能
top_skills = [
self.loader.load_full_skill(s['name'])
for s in relevant[:3]
]
# 步骤3:提取流程步骤
workflows = []
for skill in top_skills:
content = skill['content']
# 提取Workflow章节
if '## Workflow' in content:
start = content.index('## Workflow')
end = content.index('##', start + 1) if '##' in content[start + 1:] else len(content)
workflows.append(content[start:end])
return {
'matched_skills': [s['metadata']['name'] for s in top_skills],
'workflows': workflows,
'framework_mappings': self._get_mappings(top_skills)
}
def _match_skills(self, query):
"""简单关键词匹配(可替换为语义搜索)"""
query_lower = query.lower()
scores = []
for skill in self.skill_index:
score = 0
desc = skill['description'].lower()
tags = ' '.join(skill.get('tags', [])).lower()
# 按关键词匹配计分
for word in query_lower.split():
if word in desc:
score += 2
if word in tags:
score += 1
if score > 0:
scores.append((score, skill))
return [s for _, s in sorted(scores, reverse=True)]
def _get_mappings(self, skills):
"""从已加载技能中提取框架映射"""
mappings = {
'attack': set(),
'nist_csf': set(),
'atlas': set()
}
for skill in skills:
meta = skill['metadata']
mappings['attack'].update(meta.get('attack_techniques', []))
mappings['nist_csf'].update(meta.get('nist_csf', []))
mappings['atlas'].update(meta.get('atlas_techniques', []))
return {k: list(v) for k, v in mappings.items()}Usage
使用示例
agent = CybersecurityAgent()
response = agent.handle_query("investigate credential dumping attack")
print("Matched skills:", response['matched_skills'])
print("\nATT&CK Techniques:", response['framework_mappings']['attack'])
print("\nFirst workflow:")
print(response['workflows'][0][:500])
undefinedagent = CybersecurityAgent()
response = agent.handle_query("调查凭证窃取攻击")
print("匹配技能:", response['matched_skills'])
print("\nATT&CK技术:", response['framework_mappings']['attack'])
print("\n首个流程:")
print(response['workflows'][0][:500])
undefinedTroubleshooting
故障排除
Skill Not Found
技能未找到
python
def verify_skill_exists(skill_name):
"""Check if skill exists and is properly formatted"""
skill_path = f'skills/{skill_name}/SKILL.md'
if not os.path.exists(skill_path):
print(f"❌ Skill not found: {skill_path}")
return False
with open(skill_path, 'r') as f:
content = f.read()
if not content.startswith('---'):
print(f"❌ Invalid format: missing YAML frontmatter")
return False
try:
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
required_fields = ['name', 'description', 'domain', 'subdomain']
for field in required_fields:
if field not in frontmatter:
print(f"❌ Missing required field: {field}")
return False
print(f"✅ Skill valid: {skill_name}")
return True
except Exception as e:
print(f"❌ YAML parse error: {e}")
return Falsepython
def verify_skill_exists(skill_name):
"""检查技能是否存在且格式正确"""
skill_path = f'skills/{skill_name}/SKILL.md'
if not os.path.exists(skill_path):
print(f"❌ 未找到技能: {skill_path}")
return False
with open(skill_path, 'r') as f:
content = f.read()
if not content.startswith('---'):
print(f"❌ 格式无效: 缺少YAML前置元数据")
return False
try:
yaml_end = content.find('---', 3)
frontmatter = yaml.safe_load(content[3:yaml_end])
required_fields = ['name', 'description', 'domain', 'subdomain']
for field in required_fields:
if field not in frontmatter:
print(f"❌ 缺少必填字段: {field}")
return False
print(f"✅ 技能有效: {skill_name}")
return True
except Exception as e:
print(f"❌ YAML解析错误: {e}")
return FalseFramework Mapping Missing
框架映射缺失
If a skill doesn't show framework mappings, check :
references/standards.mdpython
def audit_framework_mappings(skill_name):
"""Check which framework mappings exist for a skill"""
refs_path = f'skills/{skill_name}/references/standards.md'
if not os.path.exists(refs_path):
print(f"⚠️ No references/standards.md found")
return
with open(refs_path, 'r') as f:
content = f.read()
frameworks = {
'ATT&CK': r'T\d{4}',
'NIST CSF': r'[A-Z]{2}\.[A-Z]{2}',
'ATLAS': r'AML\.T\d{4}',
'D3FEND': r'D3-[A-Z]+',
'AI RMF': r'[A-Z]+-\d+\.\d+'
}
import re
for name, pattern in frameworks.items():
matches = re.findall(pattern, content)
if matches:
print(f"✅ {name}: {', '.join(set(matches))}")
else:
print(f"⚠️ {name}: No mappings found")如果技能未显示框架映射,请检查:
references/standards.mdpython
def audit_framework_mappings(skill_name):
"""检查技能存在哪些框架映射"""
refs_path = f'skills/{skill_name}/references/standards.md'
if not os.path.exists(refs_path):
print(f"⚠️ 未找到references/standards.md")
return
with open(refs_path, 'r') as f:
content = f.read()
frameworks = {
'ATT&CK': r'T\d{4}',
'NIST CSF': r'[A-Z]{2}\.[A-Z]{2}',
'ATLAS': r'AML\.T\d{4}',
'D3FEND': r'D3-[A-Z]+',
'AI RMF': r'[A-Z]+-\d+\.\d+'
}
import re
for name, pattern in frameworks.items():
matches = re.findall(pattern, content)
if matches:
print(f"✅ {name}: {', '.join(set(matches))}")
else:
print(f"⚠️ {name}: 未找到映射")Key Features Summary
核心功能总结
- 754 skills across 26 security domains
- 5 framework mappings: ATT&CK, NIST CSF, ATLAS, D3FEND, AI RMF
- Progressive loading: scan frontmatter (~30 tokens), load full content only when needed
- Structured workflows: step-by-step procedures in every skill
- Helper scripts: working Python scripts in directories
scripts/ - Framework standards: complete mappings in
references/standards.md - agentskills.io compliant: works with 26+ AI coding platforms
- 754项技能,覆盖26个安全领域
- 5种框架映射:ATT&CK、NIST CSF、ATLAS、D3FEND、AI RMF
- 渐进式加载:扫描前置元数据(约30个token),仅在需要时加载完整内容
- 结构化流程:每项技能均包含分步操作流程
- 辅助脚本:目录中包含可运行的Python脚本
scripts/ - 框架标准:中包含完整映射
references/standards.md - 兼容agentskills.io:可在26+ AI编码平台中使用
License
许可证
Apache 2.0 — see repository for full license text.
Apache 2.0 — 详见仓库中的完整许可证文本。
Contributing
贡献
Contributions welcome following the project's CONTRIBUTING.md guidelines. All skills must include YAML frontmatter, structured Markdown sections, and framework mappings.
欢迎遵循项目CONTRIBUTING.md指南提交贡献。所有技能必须包含YAML前置元数据、结构化Markdown章节和框架映射。