# Anthropic Cybersecurity Skills Integration

Import and use the Anthropic Cybersecurity Skills library (754 skills, 26 domains, 5 frameworks) with Hermes Agent.

## Overview

The Anthropic Cybersecurity Skills library provides 754 production-grade security skills for AI agents. Each skill follows the agentskills.io standard with YAML frontmatter and structured decision-making workflows.

## Source

- **Repository:** https://github.com/mukul975/Anthropic-Cybersecurity-Skills
- **License:** Apache 2.0
- **Stars:** 4,385
- **Compatible:** Hermes Agent, Claude Code, GitHub Copilot, Codex CLI

## Quick Start

```bash
# Import all skills
python scripts/import_cybersecurity_skills.py

# Import by domain
python scripts/import_cybersecurity_skills.py --domain cloud-security

# Import by framework
python scripts/import_cybersecurity_skills.py --framework nist-csf

# List available domains
python scripts/import_cybersecurity_skills.py --list-domains

# List available frameworks
python scripts/import_cybersecurity_skills.py --list-frameworks

# Dry run (show what would be imported)
python scripts/import_cybersecurity_skills.py --dry-run
```

## Security Domains (26)

| Domain | Skills | Key Capabilities |
|--------|--------|-----------------|
| Cloud Security | 60 | AWS, Azure, GCP hardening, CSPM, cloud forensics |
| Threat Hunting | 55 | Hypothesis-driven hunts, LOTL detection, behavioral analytics |
| Threat Intelligence | 50 | STIX/TAXII, MISP, feed integration, actor profiling |
| Web App Security | 42 | OWASP Top 10, SQLi, XSS, SSRF, deserialization |
| Network Security | 40 | IDS/IPS, firewall rules, VLAN segmentation |
| Malware Analysis | 39 | Static/dynamic analysis, reverse engineering, sandboxing |
| Digital Forensics | 37 | Disk imaging, memory forensics, timeline reconstruction |
| Security Operations | 36 | SIEM correlation, log analysis, alert triage |
| IAM | 35 | IAM policies, PAM, zero trust, Okta, SailPoint |
| SOC Operations | 33 | Playbooks, escalation workflows, tabletop exercises |
| Container Security | 30 | K8s RBAC, image scanning, Falco, container forensics |
| OT/ICS Security | 28 | Modbus, DNP3, IEC 62443, SCADA |
| API Security | 28 | GraphQL, REST, OWASP API Top 10, WAF bypass |
| Vulnerability Management | 25 | Nessus, scanning workflows, CVSS |
| Incident Response | 25 | Breach containment, ransomware response, IR playbooks |
| Red Teaming | 24 | Full-scope engagements, AD attacks, phishing simulation |
| Penetration Testing | 23 | Network, web, cloud, mobile, wireless |
| Endpoint Security | 17 | EDR, LOTL detection, fileless malware |
| DevSecOps | 17 | CI/CD security, code signing, Terraform auditing |
| Phishing Defense | 16 | Email auth, BEC detection, phishing IR |
| Cryptography | 14 | Key management, TLS, certificate analysis |

## Framework Mappings (5)

| Framework | Version | Scope |
|-----------|---------|-------|
| MITRE ATT&CK | v18 | 14 tactics, 200+ techniques |
| NIST CSF 2.0 | 2.0 | 6 functions, 22 categories |
| MITRE ATLAS | v5.4 | 16 tactics, 84 techniques |
| MITRE D3FEND | v1.3 | 7 categories, 267 techniques |
| NIST AI RMF | 1.0 | 4 functions, 72 subcategories |

## Skill Format

Each skill follows the agentskills.io standard:

```yaml
---
name: analyzing-active-directory-acl-abuse
description: Detect dangerous ACL misconfigurations in Active Directory
domain: cybersecurity
subdomain: identity-security
tags:
- active-directory
- acl-abuse
- ldap
version: '1.0'
author: mahipal
license: Apache-2.0
nist_csf:
- PR.AA-01
- PR.AA-05
- PR.AA-06
---
```

## Use Cases for Hermes

1. **Fleet security** — Agents can audit their own infrastructure
2. **Incident response** — Structured IR playbooks for security events
3. **Threat hunting** — Hypothesis-driven hunts across fleet logs
4. **Compliance** — Framework-mapped skills for audit preparation
5. **Training** — Security skills for agents to learn and apply

## Integration with Hermes Skills

The imported skills are compatible with Hermes Agent's skill system:

```bash
# Skills are installed to ~/.hermes/skills/cybersecurity/
# Each skill has a SKILL.md file with YAML frontmatter

# Use in Hermes
hermes skills list | grep cybersecurity
hermes skills enable cybersecurity/cloud-security
```

## Adding to Fleet

```bash
# Import all skills
python scripts/import_cybersecurity_skills.py

# Import specific domain for fleet security
python scripts/import_cybersecurity_skills.py --domain incident-response

# Import for compliance
python scripts/import_cybersecurity_skills.py --framework nist-csf
```

## Index

After import, an index is generated at `~/.hermes/skills/cybersecurity/index.json` listing all installed skills with their metadata.
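
A pre-import check for the frontmatter format described under Skill Format, added here as an example; it is not code from the repository or from `import_cybersecurity_skills.py`. The function names, the required-field list and the ID pattern are assumptions, and the parser handles only the flat key/list subset of YAML that the sample frontmatter uses.

```python
import re

# Constructed sample, abridged from the frontmatter shown under "Skill Format".
SAMPLE_SKILL = """---
name: analyzing-active-directory-acl-abuse
description: Detect dangerous ACL misconfigurations in Active Directory
domain: cybersecurity
subdomain: identity-security
tags:
- active-directory
license: Apache-2.0
nist_csf:
- PR.AA-01
- PR.AA-05
---
"""

# Assumed local policy, not part of the agentskills.io standard or the import script.
REQUIRED = ("name", "description", "domain", "subdomain", "license")
NAME_RE = re.compile(r"[a-z0-9]+(-[a-z0-9]+)*")   # kebab-case: no '/', '..' or spaces
CSF_RE = re.compile(r"[A-Z]{2}\.[A-Z]{2}-\d{2}")  # shape of IDs such as PR.AA-01

def parse_frontmatter(text):
    """Parse the flat scalar/list YAML subset between the two '---' markers."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("missing opening '---'")
    meta, key = {}, None
    for line in lines[1:]:
        if line.strip() == "---":
            return meta
        if line.lstrip().startswith("- "):
            if not isinstance(meta.get(key), list):
                raise ValueError(f"list item without a list key: {line!r}")
            meta[key].append(line.lstrip()[2:].strip())
        elif ":" in line:
            key, _, value = (part.strip() for part in line.partition(":"))
            meta[key] = value.strip("'\"") or []  # an empty value starts a list
    raise ValueError("missing closing '---'")

def validate_skill(meta):
    """Return policy violations for one skill; an empty list means it passes."""
    problems = [f"missing field: {f}" for f in REQUIRED if not meta.get(f)]
    if not NAME_RE.fullmatch(str(meta.get("name", ""))):
        problems.append("name is not kebab-case")
    ids = meta.get("nist_csf", [])
    ids = ids if isinstance(ids, list) else [ids]
    problems += [f"bad nist_csf id: {i}" for i in ids if not CSF_RE.fullmatch(i)]
    return problems
```

Running `validate_skill(parse_frontmatter(text))` over each `SKILL.md` before `hermes skills enable` gives a list of skills to hold back for manual review.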