Cybersecurity Skills on KnightLi的博客 https://knightli.com/tags/cybersecurity-skills/ Recent content in Cybersecurity Skills on KnightLi的博客 Hugo -- gohugo.io zh-cn Mon, 22 Jun 2026 08:05:45 +0800 Anthropic Cybersecurity Skills 怎么用:给 AI Agent 加安全分析技能库 https://knightli.com/2026/06/22/anthropic-cybersecurity-skills-ai-agent-guide/ Mon, 22 Jun 2026 08:05:45 +0800 https://knightli.com/2026/06/22/anthropic-cybersecurity-skills-ai-agent-guide/ <p><code>mukul975/Anthropic-Cybersecurity-Skills</code> 是一个面向 AI Agent 的网络安全技能库。README 里写到它包含 754 个结构化 cybersecurity skills,并映射到 MITRE ATT&amp;CK、NIST CSF、MITRE ATLAS、D3FEND、NIST AI RMF 等框架。</p> <p>项目地址:</p> <p><a class="link" href="https://github.com/mukul975/Anthropic-Cybersecurity-Skills" target="_blank" rel="noopener" >https://github.com/mukul975/Anthropic-Cybersecurity-Skills</a></p> <h2 id="安装方式">安装方式 </h2><p>推荐方式是用 <code>npx</code> 添加:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">npx skills add mukul975/Anthropic-Cybersecurity-Skills </span></span></code></pre></td></tr></table> </div> </div><p>也可以直接克隆仓库:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> Anthropic-Cybersecurity-Skills </span></span></code></pre></td></tr></table> </div> </div><h2 id="技能目录长什么样">技能目录长什么样 </h2><p>README 给出的结构示例:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">skills/performing-memory-forensics-with-volatility3/ </span></span><span class="line"><span class="cl">├── SKILL.md </span></span><span class="line"><span class="cl">├── references/ </span></span><span class="line"><span class="cl">│ ├── standards.md </span></span><span class="line"><span class="cl">│ └── workflows.md </span></span><span class="line"><span class="cl">├── scripts/ </span></span><span class="line"><span class="cl">│ └── process.py </span></span><span class="line"><span class="cl">└── assets/ </span></span><span class="line"><span class="cl"> └── template.md </span></span></code></pre></td></tr></table> </div> </div><p>一个 skill 通常包含:</p> <ol> <li>YAML frontmatter。</li> <li>使用条件。</li> <li>前置要求。</li> <li>分步 workflow。</li> <li>验证方法。</li> <li>参考资料和脚本。</li> </ol> <h2 id="适合什么任务">适合什么任务 </h2><p>它适合防御和分析类任务,例如:</p> <ol> <li>内存取证。</li> <li>Windows 事件日志分析。</li> <li>凭据访问行为排查。</li> <li>安全告警分流。</li> <li>威胁建模和框架映射。</li> </ol> <p>README 里的例子是让 Agent 分析内存 dump,Agent 会先扫描技能 frontmatter,再加载最相关的几个 skill,然后按 workflow 执行。</p> <h2 id="使用边界">使用边界 </h2><p>这类安全技能库一定要放在授权环境里使用。建议用于:</p> <ol> <li>自己的实验环境。</li> <li>企业内部授权检测。</li> <li>蓝队分析、取证和合规整理。</li> <li>学习 MITRE、NIST 等安全框架。</li> </ol> <p>不要把它用于未授权目标。AI Agent 有了技能库以后,执行动作会更系统,越是这样越要明确权限边界、日志记录和人工复核。</p>