MITRE ATT&CK on KnightLi的博客 https://knightli.com/zh-tw/tags/mitre-attck/ Recent content in MITRE ATT&CK on KnightLi的博客 Hugo -- gohugo.io zh-tw Mon, 22 Jun 2026 08:05:45 +0800 Anthropic Cybersecurity Skills 怎麼用:給 AI Agent 加安全分析技能庫 https://knightli.com/zh-tw/2026/06/22/anthropic-cybersecurity-skills-ai-agent-guide/ Mon, 22 Jun 2026 08:05:45 +0800 https://knightli.com/zh-tw/2026/06/22/anthropic-cybersecurity-skills-ai-agent-guide/ <p><code>mukul975/Anthropic-Cybersecurity-Skills</code> 是一個面向 AI Agent 的網路安全技能庫。README 裡寫到它包含 754 個結構化 cybersecurity skills,並映射到 MITRE ATT&amp;CK、NIST CSF、MITRE ATLAS、D3FEND、NIST AI RMF 等框架。</p> <p>專案地址:</p> <p><a class="link" href="https://github.com/mukul975/Anthropic-Cybersecurity-Skills" target="_blank" rel="noopener" >https://github.com/mukul975/Anthropic-Cybersecurity-Skills</a></p> <h2 id="安裝方式">安裝方式 </h2><p>推薦方式是用 <code>npx</code> 新增:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">npx skills add mukul975/Anthropic-Cybersecurity-Skills </span></span></code></pre></td></tr></table> </div> </div><p>也可以直接克隆倉庫:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> Anthropic-Cybersecurity-Skills </span></span></code></pre></td></tr></table> </div> </div><h2 id="技能目錄長什麼樣">技能目錄長什麼樣 </h2><p>README 給出的結構範例:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">skills/performing-memory-forensics-with-volatility3/ </span></span><span class="line"><span class="cl">├── SKILL.md </span></span><span class="line"><span class="cl">├── references/ </span></span><span class="line"><span class="cl">│ ├── standards.md </span></span><span class="line"><span class="cl">│ └── workflows.md </span></span><span class="line"><span class="cl">├── scripts/ </span></span><span class="line"><span class="cl">│ └── process.py </span></span><span class="line"><span class="cl">└── assets/ </span></span><span class="line"><span class="cl"> └── template.md </span></span></code></pre></td></tr></table> </div> </div><p>一個 skill 通常包含:</p> <ol> <li>YAML frontmatter。</li> <li>使用條件。</li> <li>前置要求。</li> <li>分步 workflow。</li> <li>驗證方法。</li> <li>參考資料和腳本。</li> </ol> <h2 id="適合什麼任務">適合什麼任務 </h2><p>它適合防禦和分析類任務,例如:</p> <ol> <li>記憶體取證。</li> <li>Windows 事件日誌分析。</li> <li>憑據存取行為排查。</li> <li>安全告警分流。</li> <li>威脅建模和框架映射。</li> </ol> <p>README 裡的例子是讓 Agent 分析記憶體 dump,Agent 會先掃描技能 frontmatter,再載入最相關的幾個 skill,然後按 workflow 執行。</p> <h2 id="使用邊界">使用邊界 </h2><p>這類安全技能庫一定要放在授權環境裡使用。建議用於:</p> <ol> <li>自己的實驗環境。</li> <li>企業內部授權檢測。</li> <li>藍隊分析、取證和合規整理。</li> <li>學習 MITRE、NIST 等安全框架。</li> </ol> <p>不要把它用於未授權目標。AI Agent 有了技能庫以後,執行動作會更系統,越是這樣越要明確權限邊界、日誌記錄和人工複核。</p>