Is this skill mapped to industry frameworks?

Yes, it is fully mapped to MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, and the NIST AI Risk Management Framework.

Can it detect malicious npm or PyPI packages?

Yes, the skill includes logic for monitoring package repositories and identifying anomalies associated with package poisoning and dependency confusion.

Do I need special tools to use this skill?

Yes, it works best alongside security tools like Python (pefile library), binary diffing utilities (BinDiff), and code signing verifiers like sigcheck.

What types of attacks does this skill analyze?

It is designed to analyze sophisticated supply chain compromises such as trojanized updates, dependency confusion, and compromised build pipelines, similar to the SolarWinds or 3CX attacks.

Supply Chain Malware Artifact Analysis

Name: Supply Chain Malware Artifact Analysis
Author: mukul975

bymukul975

•

4,121

•

보안 및 테스팅

Analyzes and investigates supply chain attack artifacts to identify trojanized software, compromised build pipelines, and malicious dependencies.

This skill provides a comprehensive framework for security analysts and developers to investigate sophisticated supply chain compromises. It facilitates the identification of malicious code injected into trusted software distribution channels—such as the SolarWinds or 3CX incidents—by performing binary diffing, code signing verification, and software integrity checks. By comparing suspect binaries against legitimate versions and monitoring package repositories, it helps teams reconstruct infection chains, extract indicators of compromise (IOCs), and define the scope of a breach in modern development environments.

주요 기능

01Binary comparison and diffing of trojanized artifacts

024,121 GitHub stars

03Code signing anomaly detection and certificate verification

04PE section analysis for injected malicious payloads

05Software Composition Analysis (SCA) for dependency confusion

06Integration with MITRE ATT&CK and NIST security frameworks

사용 사례

01Incident response for suspected software distribution compromises

02Validating software integrity during the build and release process

03Proactive threat hunting for package poisoning in npm or PyPI

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-supply-chain-malware-artifacts

For use in Claude.ai and ChatGPT

주요 기능

01Binary comparison and diffing of trojanized artifacts

024,121 GitHub stars

03Code signing anomaly detection and certificate verification

04PE section analysis for injected malicious payloads

05Software Composition Analysis (SCA) for dependency confusion

06Integration with MITRE ATT&CK and NIST security frameworks

사용 사례

01Incident response for suspected software distribution compromises

02Validating software integrity during the build and release process

03Proactive threat hunting for package poisoning in npm or PyPI

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-supply-chain-malware-artifacts

For use in Claude.ai and ChatGPT