/ Diretório / Playground / malware-analysis-claude-skills
← Todos os servidores ↗ GitHub
● Comunidade gl0bal01 ⚡ Instantâneo

malware-analysis-claude-skills

por gl0bal01 · gl0bal01/malware-analysis-claude-skills

5 specialized Claude skills for malware analysis — triage, dynamic analysis, file analysis, detection engineering, and reporting.

malware-analysis-claude-skills provides a complete Claude skills toolkit for professional malware analysis. An orchestrator routes to 5 sub-skills: Malware Triage (rapid assessment), Dynamic Analysis (sandbox behavior monitoring), Specialized File Analyzer (.NET, Office, PDFs, scripts), Detection Engineer (YARA, Sigma, Suricata rule generation), and Report Writer (enterprise-grade reports). Designed for offline REMnux/FlareVM environments.

▶ Ver demo 📦 Instalar 💡 Casos de uso

Por que usar

Principais recursos

Demo ao vivo

Como fica na prática

malware-analysis-claude-skills.replay ▶ pronto
0/0

Instalar

Escolha seu cliente

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Abra Claude Desktop → Settings → Developer → Edit Config. Reinicie após salvar.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Cursor usa o mesmo esquema mcpServers que o Claude Desktop. Config de projeto vence a global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Clique no ícone MCP Servers na barra lateral do Cline, depois "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Mesmo formato do Claude Desktop. Reinicie o Windsurf para aplicar.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "malware-analysis-claude-skills",
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  ]
}

O Continue usa um array de objetos de servidor em vez de um map.

~/.config/zed/settings.json
{
  "context_servers": {
    "malware-analysis-claude-skills": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
        ]
      }
    }
  }
}

Adicione em context_servers. Zed recarrega automaticamente ao salvar.

claude mcp add malware-analysis-claude-skills -- TODO 'See README: https://github.com/gl0bal01/malware-analysis-claude-skills'

Uma linha só. Verifique com claude mcp list. Remova com claude mcp remove.

Casos de uso

Usos do mundo real: malware-analysis-claude-skills

How to triage a suspicious file in a sandboxed environment

👤 SOC analysts and malware analysts triaging incoming samples ⏱ ~30 min intermediate

Quando usar: You received a suspicious file and need a quick assessment before deep analysis.

Pré-requisitos
  • Claude with malware analysis skills installed — Upload SKILL.md orchestrator and sub-skill folders to Claude
  • Isolated analysis environment — Use REMnux or FlareVM in a VM with no network access
Fluxo
  1. Initial triage
    I have a suspicious PE file at /samples/malware.exe. Perform initial triage: file type, hashes, imports, strings analysis, and threat classification.✓ Copiado
    → File metadata, hash values, suspicious imports/strings, threat assessment
  2. Dynamic analysis
    Set up a dynamic analysis environment and execute the sample. Monitor for file system changes, network connections, registry modifications, and process creation.✓ Copiado
    → Behavioral report with IOCs

Resultado: A threat classification with IOCs and behavioral summary.

Armadilhas
  • Running malware outside a sandbox — ALWAYS use an isolated VM with no network access. Never analyze malware on your host machine.
Combine com: filesystem

Generate detection rules from malware analysis findings

👤 Detection engineers building SOC rules ⏱ ~45 min advanced

Quando usar: You've analyzed malware and need to create detection rules for your SIEM/IDS.

Pré-requisitos
  • Completed malware analysis — Run triage and dynamic analysis first
Fluxo
  1. Generate detection rules
    Based on our analysis findings, generate YARA rules for file detection, Sigma rules for log-based detection, and Suricata rules for network signatures.✓ Copiado
    → Three rule files with clear documentation
  2. Write the report
    Generate a complete malware analysis report including executive summary, technical details, IOCs, and recommended mitigations.✓ Copiado
    → Professional report ready for stakeholders

Resultado: Production-ready detection rules and a professional analysis report.

Armadilhas
  • Rules too specific to one sample — Ask Claude to generalize rules to catch variants, not just the exact sample
Combine com: filesystem

Combinações

Combine com outros MCPs para 10× de alavancagem

malware-analysis-claude-skills + filesystem

Save analysis artifacts, detection rules, and reports to organized folders

Save the YARA rules to ~/detections/yara/ and the final report to ~/reports/malware-analysis.md.✓ Copiado

Ferramentas

O que este MCP expõe

FerramentaEntradasQuando chamarCusto
Malware Triage file path Quick assessment of a suspicious file 0
Dynamic Analysis file path, sandbox config Monitor runtime behavior in a sandbox 0
Specialized File Analyzer file path Analyze non-PE files (.NET, Office, PDF, scripts) 0
Detection Engineer analysis findings Generate detection rules from findings 0
Report Writer analysis data Generate professional malware analysis reports 0

Custo e limites

O que custa rodar

Cota de API
N/A — skills are local. Optional MCP connections to VirusTotal/Threat.Zone for enrichment.
Tokens por chamada
1000–5000 tokens per skill invocation
Monetário
Free (MIT license). Threat intelligence enrichment may require API keys.
Dica
Start with triage to decide if deep analysis is needed. Don't run all 5 skills on every sample.

Segurança

Permissões, segredos, alcance

Armazenamento de credenciais: Optional VirusTotal/Threat.Zone API keys in env vars for enrichment
Saída de dados: Designed for offline use. Optional threat intelligence lookups are opt-in.

Solução de problemas

Erros comuns e correções

Skill not routing correctly

Ensure the root SKILL.md orchestrator is loaded. It handles routing to sub-skills automatically.

Verificar: Check that all 5 sub-skill folders are present alongside the orchestrator
Analysis tools not found in sandbox

Use REMnux or FlareVM which come pre-installed with standard analysis tools.

Verificar: which strings && which file && which yara
Report missing IOCs

Run both triage and dynamic analysis before generating the report to ensure complete data.

Verificar: Review triage and dynamic analysis outputs

Alternativas

malware-analysis-claude-skills vs. outros

AlternativaQuando usarTroca
hexstrike-aiYou need active security tools alongside analysis rather than skills-based workflowsBroader tool coverage but less structured analysis workflow

Mais

Recursos

📖 Leia o README oficial no GitHub

🐙 Ver issues abertas

🔍 Ver todos os 400+ servidores MCP e Skills