github analyzed 0445030 unconfirmed MCP

mukul975/Anthropic-Cybersecurity-Skills

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

maintainer: mukul975
license: Apache-2.0
first seen: 2026-05-22
last seen: 2026-06-04
releases · 30d: 0
short id

risk 68/100 · heuristic grade

D high

capability exposureinferred+35
recent driftinferred+12
tool safetyinferred+24
trust mitigatorsmixed−3

inferredmixed

The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.

graded 8m ago · see ecosystem CVEs →

risk trajectory 1 movements

2d agoA · 0 → D · 68

capability exposure grade factor +35

Inferred surface — each links to servers holding it:

vulnerabilities 0 CVEs

No known CVEs for this server.

tool safety 2 findings · grade factor +24

highdangerous code
committed secret: AWS access key id · dynamic exec: eval()/exec() · suspicious bundled script in 36 file(s)
highhidden prompt content
11 file(s) with hidden prompt content: mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-email-headers-for-phishing-investigation/SKILL.md (skill-exfil), mukul975-A…

skills & danger signals github-tarball

prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed commit 0445030 · analyzer v18 · 10h ago

skills & prompt files 195

⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-email-headers-for-phishing-investigation/SKILL.md:200secret→sink: curl -s "https://www.virustotal.com/api/v3/domains/${SENDER_DOMAIN}" \
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-post-incident-lessons-learned/SKILL.md:50secret→sink: curl -s "https://thehive.local/api/v1/case/$CASE_ID/timeline" \
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-mobile-malware-behavior/SKILL.md:197secret→sink: | **C2 Beacon** | Regular network check-in from malware to command-and-control server, identifiable by periodic timing patterns |
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-api-schema-validation-security/SKILL.md:373secret→sink: -H "Authorization: Bearer ${CF_API_TOKEN}" \
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-ddos-mitigation-with-cloudflare/SKILL.md:115secret→sink: curl -X POST "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-device-posture-assessment-in-zero-trust/SKILL.md:123secret→sink: curl -X GET "https://api.crowdstrike.com/zero-trust-assessment/entities/assessments/v1?ids=${DEVICE_AID}" \
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-dynamic-analysis-with-any-run/SKILL.md:94secret→sink: curl "https://api.any.run/v1/analysis/$TASK_ID" \
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-network-forensics-with-wireshark/SKILL.md:147secret→sink: curl -s "https://www.virustotal.com/api/v3/files/$hash" \
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/testing-for-broken-access-control/SKILL.md:144secret→sink: "https://target.example.com$endpoint")
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/testing-for-sensitive-data-exposure/SKILL.md:97secret→sink: "https://target.example.com/$file")
⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/triaging-security-incident-with-ir-playbook/SKILL.md:70secret→sink: curl -s "https://www.virustotal.com/api/v3/ip_addresses/$SRC_IP" \

danger signals44

dynamic code executioneval()/exec()mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-incident-response-dashboard/scripts/agent.py:106avg(eval(if(status_label="Resolved*", (status_end - _time)/3600, null()))) AS avg_resolve_hrs
dynamic code executioneval()/exec()mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-alert-fatigue-reduction/scripts/agent.py:27sum(eval(if(status_label="Resolved - True Positive", 1, 0))) AS tp,
suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/exploiting-server-side-request-forgery/scripts/agent.py:20"aws_imdsv1": "http://169.254.169.254/latest/meta-data/",
suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-blind-ssrf-exploitation/scripts/agent.py:29"http://169.254.169.254/latest/meta-data/",
suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-ssrf-vulnerability-exploitation/scripts/agent.py:16{"name": "AWS IMDSv1 metadata", "url": "http://169.254.169.254/latest/meta-data/", "indicator": "ami-id"},
suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/testing-for-xxe-injection-vulnerabilities/scripts/agent.py:29<!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">
over-broad OAuth scopehttps://mail.google.com/mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-browser-isolation-for-zero-trust/scripts/agent.py:987"https://mail.google.com/inbox",
committed secretAWS access key idmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-ransomware-canary-files/scripts/agent.py:82AKIAI4…(20 chars, redacted)
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-powershell-empire-artifacts/scripts/agent.py:22re.compile(r"IEX\s*\(", re.IGNORECASE),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-powershell-script-block-logging/scripts/agent.py:24(r"(?i)(Invoke-Expression|iex)\s*\(", "Invoke-Expression execution", "T1059.001", "high"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-security-logs-with-splunk/scripts/agent.py:71'OR CommandLine="*downloadstring*" OR CommandLine="*iex*") '
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-detection-rule-with-splunk-spl/scripts/process.py:268'| where match(ScriptBlockText, "(?i)(encodedcommand|invoke-expression|iex|downloadstring|frombase64string|net\\.webclient|invoke-mimikatz)") '
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-memory-forensics-with-volatility/scripts/agent.py:91"powershell -enc", "invoke-expression", "downloadstring", "net user",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deobfuscating-powershell-obfuscated-malware/scripts/agent.py:53(r'(?:iex|invoke-expression)', "Invoke-Expression (IEX) execution", "HIGH"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deobfuscating-powershell-obfuscated-malware/scripts/process.py:51(r'Invoke-Expression', "Invoke-Expression"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-ai-model-prompt-injection-attacks/scripts/agent.py:40("command_injection_via_prompt", r"(?i)(;\s*(rm|cat|wget|curl|bash|sh|python|exec|eval)\b|\|\s*(cat|ls|id|whoami|nc)\b|`[^`]+`)"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-command-and-control-over-dns/scripts/agent.py:593r"Invoke-Expression", r"IEX\s*\(", r"DownloadString",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-fileless-attacks-on-endpoints/scripts/agent.py:19r"Invoke-Expression|IEX\s*\(": ("T1059.001", "HIGH", "Dynamic code execution"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-fileless-attacks-on-endpoints/scripts/process.py:15"invoke_expression": r"(?i)(iex\s|invoke-expression)",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-fileless-malware-techniques/scripts/agent.py:37(r'IEX\s*\(', "Invoke-Expression (download cradle)"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-living-off-the-land-attacks/scripts/agent.py:141r"IEX\s*\(",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-malicious-scheduled-tasks-with-sysmon/scripts/agent.py:20r"powershell.*iex", r"powershell.*invoke-expression",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-supply-chain-attacks-in-ci-cd/scripts/agent.py:152if "curl" in stripped and "| sh" in stripped or "| bash" in stripped:
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-suspicious-powershell-execution/scripts/agent.py:14"Invoke-Expression", "IEX", "Invoke-WebRequest", "Invoke-RestMethod",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-suspicious-powershell-execution/scripts/process.py:13r'iex',
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-anomalous-powershell-execution/scripts/agent.py:47r"IEX\s*\(",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-living-off-the-land-binaries/scripts/agent.py:69r"IEX\s*\(", r"Invoke-Expression", r"DownloadString",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-lolbins-execution-in-endpoint-logs/scripts/agent.py:24r"-enc\s+", r"IEX", r"Invoke-Expression", r"DownloadString",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-mechanisms-in-windows/scripts/agent.py:30r"base64", r"iex\s*\(", r"downloadstring",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-mechanisms-in-windows/scripts/process.py:309r"mshta", r"http[s]?://", r"-enc\s", r"iex\s",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-via-wmi-subscriptions/scripts/agent.py:32r"base64", r"IEX", r"DownloadString", r"Net\.WebClient",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-via-wmi-subscriptions/scripts/process.py:31(r"(?i)(invoke-expression|iex|downloadstring)", "download_cradle"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-registry-persistence-mechanisms/scripts/agent.py:49r"base64", r"downloadstring", r"iex\s*\(",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-registry-run-key-persistence/scripts/agent.py:91if re.search(r"(FromBase64|IEX|Invoke-Expression|DownloadString|Net\.WebClient)", details or "", re.IGNORECASE):
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-scheduled-task-persistence/scripts/agent.py:13r"powershell.*-enc", r"powershell.*downloadstring", r"powershell.*iex",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-scheduled-task-persistence/scripts/process.py:14r"-enc", r"-encodedcommand", r"iex", r"downloadstring",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-unusual-service-installations/scripts/agent.py:32(r"invoke-expression|iex\s", "invoke_expression"),
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-siem-use-cases-for-detection/scripts/agent.py:53'(CommandLine="*-enc*" OR CommandLine="*invoke-expression*" '
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-velociraptor-for-ir-collection/scripts/process.py:246"invoke-mimikatz", "invoke-expression", "downloadstring",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-container-image-hardening/scripts/agent.py:119if upper.startswith("RUN") and "curl" in stripped and "| sh" in stripped:
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-malware-persistence-investigation/scripts/agent.py:17"downloadstring", "invoke-", "iex", "hidden",
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-threat-hunting-with-yara-rules/scripts/agent.py:32$iex = "IEX" ascii nocase
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/scanning-container-images-with-grype/scripts/agent.py:35return {"error": "grype not found. Install: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh"}
suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/securing-container-registry-images/scripts/agent.py:58print(" [-] Syft not installed. Install: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh")

other grade factors evidence elsewhere

recent drift+12 capability drift →

embed badge readme-ready

[![MCP Observatory risk grade](https://mcpobservatory.com/servers/github:mukul975/Anthropic-Cybersecurity-Skills/badge.svg)](https://mcpobservatory.com/servers/github:mukul975/Anthropic-Cybersecurity-Skills/security)

Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of mukul975.

mukul975/Anthropic-Cybersecurity-Skills

skills & prompt files 195

danger signals44

Navigate

Stream

Display