malware-analysis-claude-skills MCP — 사용 사례, 설치 & 라이브 데모

왜 쓰나요

핵심 기능

5 specialized sub-skills covering the complete malware analysis workflow
Single orchestrator entry point with automatic routing
Offline-compatible with REMnux and FlareVM isolated analysis environments
Generates production-ready YARA, Sigma, and Suricata detection rules
Enterprise-grade technical report generation

라이브 데모

실제 사용 모습

malware-analysis-claude-skills.replay ▶ 준비됨

0/0

설치

클라이언트 선택

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config 열기. 저장 후 앱 재시작.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Cursor는 Claude Desktop과 동일한 mcpServers 스키마 사용. 프로젝트 설정이 전역보다 우선.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Cline 사이드바의 MCP Servers 아이콘 클릭 후 "Edit Configuration" 선택.

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Claude Desktop과 같은 형식. Windsurf 재시작 후 적용.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "malware-analysis-claude-skills",
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  ]
}

Continue는 맵이 아닌 서버 오브젝트 배열 사용.

~/.config/zed/settings.json

{
  "context_servers": {
    "malware-analysis-claude-skills": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
        ]
      }
    }
  }
}

context_servers에 추가. 저장 시 Zed가 핫 리로드.

claude mcp add malware-analysis-claude-skills -- TODO 'See README: https://github.com/gl0bal01/malware-analysis-claude-skills'

한 줄 명령. claude mcp list로 확인, claude mcp remove로 제거.

사용 사례

실전 활용법: malware-analysis-claude-skills

How to triage a suspicious file in a sandboxed environment

👤 SOC analysts and malware analysts triaging incoming samples ⏱ ~30 min intermediate

언제 쓸까: You received a suspicious file and need a quick assessment before deep analysis.

사전 조건

Claude with malware analysis skills installed — Upload SKILL.md orchestrator and sub-skill folders to Claude
Isolated analysis environment — Use REMnux or FlareVM in a VM with no network access

흐름

Initial triage

I have a suspicious PE file at /samples/malware.exe. Perform initial triage: file type, hashes, imports, strings analysis, and threat classification.✓ 복사됨

→ File metadata, hash values, suspicious imports/strings, threat assessment
Dynamic analysis

Set up a dynamic analysis environment and execute the sample. Monitor for file system changes, network connections, registry modifications, and process creation.✓ 복사됨

→ Behavioral report with IOCs

결과: A threat classification with IOCs and behavioral summary.

함정

Running malware outside a sandbox — ALWAYS use an isolated VM with no network access. Never analyze malware on your host machine.

함께 쓰기: filesystem

Generate detection rules from malware analysis findings

👤 Detection engineers building SOC rules ⏱ ~45 min advanced

언제 쓸까: You've analyzed malware and need to create detection rules for your SIEM/IDS.

사전 조건

Completed malware analysis — Run triage and dynamic analysis first

흐름

Generate detection rules

Based on our analysis findings, generate YARA rules for file detection, Sigma rules for log-based detection, and Suricata rules for network signatures.✓ 복사됨

→ Three rule files with clear documentation
Write the report

Generate a complete malware analysis report including executive summary, technical details, IOCs, and recommended mitigations.✓ 복사됨

→ Professional report ready for stakeholders

결과: Production-ready detection rules and a professional analysis report.

함정

Rules too specific to one sample — Ask Claude to generalize rules to catch variants, not just the exact sample

함께 쓰기: filesystem

조합

다른 MCP와 조합해 10배 효율

malware-analysis-claude-skills + filesystem

Save analysis artifacts, detection rules, and reports to organized folders

Save the YARA rules to ~/detections/yara/ and the final report to ~/reports/malware-analysis.md.✓ 복사됨

도구

이 MCP가 노출하는 것

도구	입력	언제 호출
Malware Triage	file path	Quick assessment of a suspicious file
Dynamic Analysis	file path, sandbox config	Monitor runtime behavior in a sandbox
Specialized File Analyzer	file path	Analyze non-PE files (.NET, Office, PDF, scripts)
Detection Engineer	analysis findings	Generate detection rules from findings
Report Writer	analysis data	Generate professional malware analysis reports

비용 및 제한

운영 비용

API 쿼터: N/A — skills are local. Optional MCP connections to VirusTotal/Threat.Zone for enrichment.
호출당 토큰: 1000–5000 tokens per skill invocation
금액: Free (MIT license). Threat intelligence enrichment may require API keys.
팁: Start with triage to decide if deep analysis is needed. Don't run all 5 skills on every sample.

보안

권한, 시크릿, 파급범위

자격 증명 저장: Optional VirusTotal/Threat.Zone API keys in env vars for enrichment

데이터 외부 송신: Designed for offline use. Optional threat intelligence lookups are opt-in.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
ALWAYS analyze malware in isolated environments (REMnux, FlareVM) with no network access.
Never execute malware samples on your host machine or connected networks.
Detection rules should be tested in a staging environment before deploying to production.

문제 해결

자주 발생하는 오류와 해결

Skill not routing correctly

Ensure the root SKILL.md orchestrator is loaded. It handles routing to sub-skills automatically.

확인: Check that all 5 sub-skill folders are present alongside the orchestrator

Analysis tools not found in sandbox

Use REMnux or FlareVM which come pre-installed with standard analysis tools.

확인: which strings && which file && which yara

Report missing IOCs

Run both triage and dynamic analysis before generating the report to ensure complete data.

확인: Review triage and dynamic analysis outputs

대안

malware-analysis-claude-skills 다른 것과 비교

대안	언제 쓰나	단점/장점
hexstrike-ai	You need active security tools alongside analysis rather than skills-based workflows	Broader tool coverage but less structured analysis workflow

malware-analysis-claude-skills

왜 쓰나요

핵심 기능

라이브 데모

실제 사용 모습

설치

클라이언트 선택

사용 사례

실전 활용법: malware-analysis-claude-skills

How to triage a suspicious file in a sandboxed environment

사전 조건

흐름

함정

Generate detection rules from malware analysis findings

사전 조건

흐름

함정

조합

다른 MCP와 조합해 10배 효율

도구

이 MCP가 노출하는 것

비용 및 제한

운영 비용

보안

권한, 시크릿, 파급범위

문제 해결

자주 발생하는 오류와 해결

대안

malware-analysis-claude-skills 다른 것과 비교

더 보기

리소스