claude-cybersecurity MCP — Сценарии использования, Установка & Живое демо

Зачем использовать

Ключевые функции

8 parallel specialist agents for different threat surfaces
OWASP 2025, CWE Top 25, MITRE ATT&CK mapping
PCI-DSS and other compliance framework coverage
Business-logic flaw detection (what static tools miss)
AI-generated code patterns flagged (e.g. hallucinated auth)
11+ programming languages, zero dependencies beyond Claude Code

Живое демо

Как выглядит на практике

claude-cybersecurity-skill.replay ▶ готово

0/0

Установка

Выберите клиент

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "claude-cybersecurity-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/AgriciDaniel/claude-cybersecurity",
        "~/.claude/skills/claude-cybersecurity"
      ],
      "_inferred": true
    }
  }
}

Откройте Claude Desktop → Settings → Developer → Edit Config. Перезапустите после сохранения.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "claude-cybersecurity-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/AgriciDaniel/claude-cybersecurity",
        "~/.claude/skills/claude-cybersecurity"
      ],
      "_inferred": true
    }
  }
}

Cursor использует ту же схему mcpServers, что и Claude Desktop. Конфиг проекта приоритетнее глобального.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "claude-cybersecurity-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/AgriciDaniel/claude-cybersecurity",
        "~/.claude/skills/claude-cybersecurity"
      ],
      "_inferred": true
    }
  }
}

Щёлкните значок MCP Servers на боковой панели Cline, затем "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "claude-cybersecurity-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/AgriciDaniel/claude-cybersecurity",
        "~/.claude/skills/claude-cybersecurity"
      ],
      "_inferred": true
    }
  }
}

Тот же формат, что и Claude Desktop. Перезапустите Windsurf для применения.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "claude-cybersecurity-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/AgriciDaniel/claude-cybersecurity",
        "~/.claude/skills/claude-cybersecurity"
      ]
    }
  ]
}

Continue использует массив объектов серверов, а не map.

~/.config/zed/settings.json

{
  "context_servers": {
    "claude-cybersecurity-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/AgriciDaniel/claude-cybersecurity",
          "~/.claude/skills/claude-cybersecurity"
        ]
      }
    }
  }
}

Добавьте в context_servers. Zed перезагружается автоматически.

claude mcp add claude-cybersecurity-skill -- git clone https://github.com/AgriciDaniel/claude-cybersecurity ~/.claude/skills/claude-cybersecurity

Однострочная команда. Проверить: claude mcp list. Удалить: claude mcp remove.

Сценарии использования

Реальные сценарии: claude-cybersecurity

Pre-release security review of a new service

👤 Engineering teams before shipping to production ⏱ ~60 min intermediate

Когда использовать: Before a release with a new or heavily changed service.

Предварительные требования

Skill installed — git clone https://github.com/AgriciDaniel/claude-cybersecurity ~/.claude/skills/claude-cybersecurity

Поток

Run the full 8-agent pass

Use claude-cybersecurity on services/payment. Full pass — vulns, authz, secrets, supply chain, IaC, business logic.✓ Скопировано

→ Report with findings per agent, severity, OWASP/CWE mapping
Triage and route

Group by severity. For each critical/high, draft a GitHub issue with reproduction steps.✓ Скопировано

→ Issue drafts ready to paste

Итог: A defensible pre-release sign-off with a paper trail.

Подводные камни

Treating business-logic flags as false positives automatically — Those are the ones static tools miss — read them twice

Сочетать с: github · repo-forensics-skill

Review AI-generated code for the mistakes LLMs make

👤 Teams accepting lots of PR code from Copilot/Claude/Cursor ⏱ ~45 min intermediate

Когда использовать: Auditing merged or pending PRs that were AI-assisted.

Поток

Focus on the AI-code agent

Use claude-cybersecurity — ai-code patterns only. Flag: hallucinated middleware, plausible-but-wrong crypto, trust-all defaults.✓ Скопировано

→ Pattern-specific flags
Cross-check authz flags

Now run the authorization agent — AI tends to miss role checks on non-happy paths.✓ Скопировано

→ Authz matrix showing gaps

Итог: Catch the class of mistakes LLMs make before they ship.

Сочетать с: github

Sweep infrastructure-as-code for dangerous defaults

👤 Platform teams ⏱ ~30 min intermediate

Когда использовать: Before merging Terraform / K8s / CloudFormation changes.

Поток

Run IaC agent

Use claude-cybersecurity IaC agent on terraform/ — flag public S3, open security groups, privileged pods.✓ Скопировано

→ Misconfigs with severity + fix diffs

Итог: Clean IaC before it hits the cluster.

Scan for malware / C2 / backdoor patterns in dependencies

👤 Security engineers auditing third-party code ⏱ ~30 min intermediate

Когда использовать: New dependency coming in, or suspicious dep update.

Поток

Run threat-intel agent

Run claude-cybersecurity threat-intel on node_modules — known malicious patterns.✓ Скопировано

→ Pattern matches (or clean)

Итог: Early warning before a malicious package slips in.

Подводные камни

False positives on obfuscated legitimate libs (e.g. minified SDKs) — Cross-check with published source; don't auto-remove

Сочетать с: repo-forensics-skill

Комбинации

Сочетайте с другими MCP — эффект x10

claude-cybersecurity-skill + repo-forensics-skill

Layer supply-chain + install-time audits with app-level code review

Run repo-forensics on the dep tree, then claude-cybersecurity on our app code.✓ Скопировано

claude-cybersecurity-skill + github

Auto-file issues for each high-severity finding

After the review, open a GitHub issue per high finding with CWE + remediation.✓ Скопировано

Инструменты

Что предоставляет этот MCP

Инструмент	Входные данные	Когда вызывать
agent_vulns	code path	Standard review
agent_authz	code path	Multi-role apps
agent_secrets	code path	Always
agent_supply_chain	manifest files	Dep updates
agent_iac	iac dir	Infra PRs
agent_threat_intel	code/deps path	Third-party audits
agent_ai_code	code path	AI-assisted PRs
agent_business_logic	code path, domain hints	High-trust workflows (payments, auth)

Стоимость и лимиты

Во что обходится

Квота API: None
Токенов на вызов: High — 8 agents in parallel
Деньги: Free
Совет: Scope to the diff of a PR rather than whole repo when you can

Безопасность

Права, секреты, радиус поражения

Минимальные скоупы: Read on the code under review

Хранение учётных данных: None

Исходящий трафик: None beyond LLM call — findings stay local

Никогда не давайте: Write access to the audited repo during review

This is defensive. Do not use agent output as proof of exploitation — these are findings, not confirmed vulns.
Complement, don't replace, established SAST/SCA tools.

Устранение неполадок

Частые ошибки и исправления

Too many findings to process

Filter by severity=high,critical first; revisit rest iteratively

Agent mislabels framework conventions as vulns

Provide framework context: 'this is Rails, strong_params is in use'

Альтернативы

claude-cybersecurity в сравнении

Альтернатива	Когда использовать	Компромисс
repo-forensics	You need install-time / supply-chain vetting, not app code review	Different threat model
GitHub Advanced Security (CodeQL)	You want SAST integrated into the PR workflow	Misses business logic and AI patterns

Ещё

Ресурсы

📖 Читать официальный README на GitHub

🐙 Открытые задачи

🔍 Все 400+ MCP-серверов и Skills