/ Annuaire / Playground / malware-analysis-claude-skills
← Tous les serveurs ↗ GitHub
● Communauté gl0bal01 ⚡ Instantané

malware-analysis-claude-skills

par gl0bal01 · gl0bal01/malware-analysis-claude-skills

5 specialized Claude skills for malware analysis — triage, dynamic analysis, file analysis, detection engineering, and reporting.

malware-analysis-claude-skills provides a complete Claude skills toolkit for professional malware analysis. An orchestrator routes to 5 sub-skills: Malware Triage (rapid assessment), Dynamic Analysis (sandbox behavior monitoring), Specialized File Analyzer (.NET, Office, PDFs, scripts), Detection Engineer (YARA, Sigma, Suricata rule generation), and Report Writer (enterprise-grade reports). Designed for offline REMnux/FlareVM environments.

▶ Voir la démo 📦 Installer 💡 Cas d'usage

Pourquoi l'utiliser

Fonctionnalités clés

Démo en direct

Aperçu en pratique

malware-analysis-claude-skills.replay ▶ prêt
0/0

Installer

Choisissez votre client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Ouvrez Claude Desktop → Settings → Developer → Edit Config. Redémarrez après avoir enregistré.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Cursor utilise le même schéma mcpServers que Claude Desktop. La config projet l'emporte sur la globale.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Cliquez sur l'icône MCP Servers dans la barre latérale Cline, puis "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Même format que Claude Desktop. Redémarrez Windsurf pour appliquer.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "malware-analysis-claude-skills",
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  ]
}

Continue utilise un tableau d'objets serveur plutôt qu'une map.

~/.config/zed/settings.json
{
  "context_servers": {
    "malware-analysis-claude-skills": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
        ]
      }
    }
  }
}

Ajoutez dans context_servers. Zed recharge à chaud à la sauvegarde.

claude mcp add malware-analysis-claude-skills -- TODO 'See README: https://github.com/gl0bal01/malware-analysis-claude-skills'

Une seule ligne. Vérifiez avec claude mcp list. Supprimez avec claude mcp remove.

Cas d'usage

Usages concrets : malware-analysis-claude-skills

How to triage a suspicious file in a sandboxed environment

👤 SOC analysts and malware analysts triaging incoming samples ⏱ ~30 min intermediate

Quand l'utiliser : You received a suspicious file and need a quick assessment before deep analysis.

Prérequis
  • Claude with malware analysis skills installed — Upload SKILL.md orchestrator and sub-skill folders to Claude
  • Isolated analysis environment — Use REMnux or FlareVM in a VM with no network access
Déroulement
  1. Initial triage
    I have a suspicious PE file at /samples/malware.exe. Perform initial triage: file type, hashes, imports, strings analysis, and threat classification.✓ Copié
    → File metadata, hash values, suspicious imports/strings, threat assessment
  2. Dynamic analysis
    Set up a dynamic analysis environment and execute the sample. Monitor for file system changes, network connections, registry modifications, and process creation.✓ Copié
    → Behavioral report with IOCs

Résultat : A threat classification with IOCs and behavioral summary.

Pièges
  • Running malware outside a sandbox — ALWAYS use an isolated VM with no network access. Never analyze malware on your host machine.
Combiner avec : filesystem

Generate detection rules from malware analysis findings

👤 Detection engineers building SOC rules ⏱ ~45 min advanced

Quand l'utiliser : You've analyzed malware and need to create detection rules for your SIEM/IDS.

Prérequis
  • Completed malware analysis — Run triage and dynamic analysis first
Déroulement
  1. Generate detection rules
    Based on our analysis findings, generate YARA rules for file detection, Sigma rules for log-based detection, and Suricata rules for network signatures.✓ Copié
    → Three rule files with clear documentation
  2. Write the report
    Generate a complete malware analysis report including executive summary, technical details, IOCs, and recommended mitigations.✓ Copié
    → Professional report ready for stakeholders

Résultat : Production-ready detection rules and a professional analysis report.

Pièges
  • Rules too specific to one sample — Ask Claude to generalize rules to catch variants, not just the exact sample
Combiner avec : filesystem

Combinaisons

Associez-le à d'autres MCPs pour un effet X10

malware-analysis-claude-skills + filesystem

Save analysis artifacts, detection rules, and reports to organized folders

Save the YARA rules to ~/detections/yara/ and the final report to ~/reports/malware-analysis.md.✓ Copié

Outils

Ce que ce MCP expose

OutilEntréesQuand appelerCoût
Malware Triage file path Quick assessment of a suspicious file 0
Dynamic Analysis file path, sandbox config Monitor runtime behavior in a sandbox 0
Specialized File Analyzer file path Analyze non-PE files (.NET, Office, PDF, scripts) 0
Detection Engineer analysis findings Generate detection rules from findings 0
Report Writer analysis data Generate professional malware analysis reports 0

Coût et limites

Coût d'exécution

Quota d'API
N/A — skills are local. Optional MCP connections to VirusTotal/Threat.Zone for enrichment.
Tokens par appel
1000–5000 tokens per skill invocation
Monétaire
Free (MIT license). Threat intelligence enrichment may require API keys.
Astuce
Start with triage to decide if deep analysis is needed. Don't run all 5 skills on every sample.

Sécurité

Permissions, secrets, portée

Stockage des identifiants : Optional VirusTotal/Threat.Zone API keys in env vars for enrichment
Sortie de données : Designed for offline use. Optional threat intelligence lookups are opt-in.

Dépannage

Erreurs courantes et correctifs

Skill not routing correctly

Ensure the root SKILL.md orchestrator is loaded. It handles routing to sub-skills automatically.

Vérifier : Check that all 5 sub-skill folders are present alongside the orchestrator
Analysis tools not found in sandbox

Use REMnux or FlareVM which come pre-installed with standard analysis tools.

Vérifier : which strings && which file && which yara
Report missing IOCs

Run both triage and dynamic analysis before generating the report to ensure complete data.

Vérifier : Review triage and dynamic analysis outputs

Alternatives

malware-analysis-claude-skills vs autres

AlternativeQuand l'utiliserCompromis
hexstrike-aiYou need active security tools alongside analysis rather than skills-based workflowsBroader tool coverage but less structured analysis workflow

Plus

Ressources

📖 Lire le README officiel sur GitHub

🐙 Voir les issues ouvertes

🔍 Parcourir les 400+ serveurs MCP et Skills