What kind of indicators of compromise (IOCs) can it check?

The skill can verify suspicious IP addresses, domains, file hashes, and specific file paths against known threat intelligence to confirm the presence of malicious activity.

How does this skill assist with MITRE ATT&CK mapping?

The skill includes a built-in reference for common techniques like T1059 (Command/Scripting Interpreter) and T1567 (Exfiltration), automatically mapping MCP tool outputs to these known attack patterns.

Can I use this for real-time breach investigation?

Yes, the skill provides tools like clawdstrike_timeline and clawdstrike_correlate to analyze live event streams and identify active threats or automated attack sequences.

What is the Threat Hunt skill for Claude Code?

It is a specialized security capability that allows Claude to investigate suspicious activity, query security logs, and perform incident response using the Clawdstrike engine.

Threat Hunt

Name: Threat Hunt
Author: backbay-labs

bybackbay-labs

•

273

•

安全与测试

Investigate security incidents, detect malicious patterns, and perform forensic threat hunting across autonomous AI agent activity logs.

The Threat Hunt skill empowers developers and security teams to secure autonomous AI fleets by providing a structured framework for forensic investigation and incident response. It integrates the Clawdstrike engine to help users establish activity timelines, correlate suspicious events across multiple sources, and cross-reference indicators of compromise (IOCs). By mapping observed behaviors directly to MITRE ATT&CK techniques, the skill ensures that security breaches, policy violations, and anomalous agent behaviors are identified, classified, and remediated with high precision.

主要功能

01Automated IOC checking for suspicious IPs, domains, hashes, and file paths

02273 GitHub stars

03Chronological timeline generation for deep-dive security forensics

04Advanced event correlation to detect lateral movement and exfiltration patterns

05Direct mapping of agent activity to MITRE ATT&CK techniques

06Structured incident reporting with severity classification and remediation steps

使用场景

01Performing post-breach forensics to identify compromised credentials or data exfiltration

02Investigating 'BLOCKED by Clawdstrike' alerts or unexpected security enforcement behavior

03Proactively hunting for persistence and defense evasion techniques in AI-driven workflows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add backbay-labs/clawdstrike threat-hunt

For use in Claude.ai and ChatGPT

主要功能

01Automated IOC checking for suspicious IPs, domains, hashes, and file paths

02273 GitHub stars

03Chronological timeline generation for deep-dive security forensics

04Advanced event correlation to detect lateral movement and exfiltration patterns

05Direct mapping of agent activity to MITRE ATT&CK techniques

06Structured incident reporting with severity classification and remediation steps

使用场景

01Performing post-breach forensics to identify compromised credentials or data exfiltration

02Investigating 'BLOCKED by Clawdstrike' alerts or unexpected security enforcement behavior

03Proactively hunting for persistence and defense evasion techniques in AI-driven workflows