The mukul975/anthropic-cybersecurity-skills repository is a comprehensive, open-source library designed to equip AI agents with advanced, structured cybersecurity skills. It contains 754 production-grade skills spanning 26 distinct security domains, such as cloud security, threat hunting, malware analysis, digital forensics, web application security, and more. Each skill is meticulously crafted to reflect real-world workflows and decision-making processes used by experienced cybersecurity analysts, rather than generic scripts or checklists.
A standout feature of this repository is its unified mapping to five major industry frameworks: MITRE ATT&CK (v18), NIST Cybersecurity Framework (CSF 2.0), MITRE ATLAS (v5.4), MITRE D3FEND (v1.3), and NIST AI Risk Management Framework (AI RMF 1.0). This cross-framework approach ensures that every skill is aligned with both offensive and defensive tactics, organizational security postures, AI/ML adversarial threats, and regulatory compliance requirements. For example, a single skill like "analyzing-network-traffic-of-malware" is mapped across all five frameworks, providing broad applicability and compliance coverage.
The repository follows the agentskills.io open standard, which enables seamless integration with a wide range of AI platforms and code assistants, including Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI, and over 20 other platforms. The skills are structured for efficient discovery and execution: each skill features a YAML frontmatter for rapid scanning and metadata extraction, followed by a detailed Markdown body outlining trigger conditions, prerequisites, step-by-step workflows, and verification procedures. Reference files and helper scripts are included to provide deep technical context and operational support.
The library addresses the critical cybersecurity workforce gap, which reached 4.8 million unfilled roles globally in 2024. By providing AI agents with structured domain knowledge and practitioner playbooks, the repository enables these agents to perform tasks at the level of senior analysts, such as memory forensics, threat detection, incident response, and vulnerability management. This structured approach allows agents to make informed decisions, execute complex workflows, and validate results, rather than relying on ad-hoc commands or incomplete information.
Coverage is extensive across all major frameworks. For MITRE ATT&CK, the skills span all 14 tactics and over 200 techniques, with visual mapping provided via ATT&CK Navigator layer files. NIST CSF 2.0 alignment includes all six functions and 22 categories, reflecting the latest updates and expanded scope. MITRE ATLAS and D3FEND mappings support AI/ML-specific threats and defensive countermeasures, while NIST AI RMF ensures alignment with trustworthy AI development and regulatory requirements.
The repository is widely recognized in the cybersecurity and AI communities, featured in multiple "awesome" lists and skills directories. It is actively maintained, with regular updates and community contributions encouraged. Users can try the skills live via the Casky.ai playground, participate in the Global Agentic AI Readiness Survey, and integrate the library into their own AI agents with minimal setup. Licensed under Apache 2.0, the project is open for both commercial and academic use, making it a valuable resource for organizations, developers, and researchers seeking to enhance AI-driven cybersecurity capabilities.
