Does it provide remediation advice?

Yes, the reporting feature classifies incidents by severity and provides concrete remediation steps based on the findings of the investigation.

What kind of indicators can I check?

You can use the skill to check suspicious IP addresses, domains, file hashes, and file paths against threat intelligence to identify known Indicators of Compromise (IOCs).

Can it identify specific cyberattack techniques?

Yes, it maps observed agent behaviors to the MITRE ATT&CK framework, identifying techniques like Command and Scripting Interpreter, Exfiltration, and Credential Access.

How does it handle 'BLOCKED' messages?

The skill automatically activates when Clawdstrike blocks an action, allowing the AI to query the specific guard that triggered and investigate the context of the denial.

What is the Clawdstrike Threat Hunt skill?

It is a specialized capability for Claude Code designed to investigate security events, perform forensics, and respond to threats within AI agent environments.

Clawdstrike Threat Hunting

Name: Clawdstrike Threat Hunting
Author: backbay-labs

bybackbay-labs

•

273

•

보안 및 테스팅

Investigates security incidents and identifies malicious patterns in AI agent activity using the Clawdstrike enforcement engine.

This skill empowers Claude to function as a security analyst by providing a structured framework for investigating suspicious behavior within AI fleets. It enables the correlation of security events, lookup of Indicators of Compromise (IOCs), and mapping of agent actions to MITRE ATT&CK techniques. Whether you are diagnosing why a policy blocked an action or conducting a full breach investigation, this skill provides the tools to establish timelines, classify incident severity, and generate comprehensive response reports.

주요 기능

01Chronological security event timeline generation

02273 GitHub stars

03Structured incident classification and reporting

04IOC lookups for suspicious domains, IPs, and file hashes

05Automated mapping to MITRE ATT&CK techniques

06Correlation of disparate events to identify attack sequences

사용 사례

01Performing post-incident forensics on suspicious file or network activity

02Detecting lateral movement or privilege escalation in autonomous agents

03Investigating 'BLOCKED by Clawdstrike' messages and policy denials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add backbay-labs/clawdstrike threat-hunt

For use in Claude.ai and ChatGPT

주요 기능

01Chronological security event timeline generation

02273 GitHub stars

03Structured incident classification and reporting

04IOC lookups for suspicious domains, IPs, and file hashes

05Automated mapping to MITRE ATT&CK techniques

06Correlation of disparate events to identify attack sequences

사용 사례

01Performing post-incident forensics on suspicious file or network activity

02Detecting lateral movement or privilege escalation in autonomous agents

03Investigating 'BLOCKED by Clawdstrike' messages and policy denials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add backbay-labs/clawdstrike threat-hunt

For use in Claude.ai and ChatGPT