● Community · gl0bal01 · ⚡ Ready to use

malware-analysis-claude-skills

Author: gl0bal01 · gl0bal01/malware-analysis-claude-skills

5 specialized Claude skills for malware analysis — triage, dynamic analysis, file analysis, detection engineering, and reporting.

malware-analysis-claude-skills provides a complete Claude skills toolkit for professional malware analysis. An orchestrator routes to 5 sub-skills: Malware Triage (rapid assessment), Dynamic Analysis (sandbox behavior monitoring), Specialized File Analyzer (.NET, Office, PDFs, scripts), Detection Engineer (YARA, Sigma, Suricata rule generation), and Report Writer (enterprise-grade reports). Designed for offline REMnux/FlareVM environments.

Why use it

Core features


Installation

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart the app after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Cursor uses the same mcpServers format as Claude Desktop. Project-level configuration takes precedence over the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then choose "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "malware-analysis-claude-skills": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  }
}

Same format as Claude Desktop. Restart Windsurf for the change to take effect.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "malware-analysis-claude-skills",
      "command": "TODO",
      "args": [
        "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "malware-analysis-claude-skills": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/gl0bal01/malware-analysis-claude-skills"
        ]
      }
    }
  }
}

Add the entry under context_servers. Zed hot-reloads after saving.

claude mcp add malware-analysis-claude-skills -- TODO 'See README: https://github.com/gl0bal01/malware-analysis-claude-skills'

One command and you're done. Verify with claude mcp list; remove with claude mcp remove.

Use cases

Practical usage: malware-analysis-claude-skills

How to triage a suspicious file in a sandboxed environment

👤 SOC analysts and malware analysts triaging incoming samples · ⏱ ~30 min · intermediate

When to use: You received a suspicious file and need a quick assessment before deep analysis.

Prerequisites
  • Claude with malware analysis skills installed — Upload SKILL.md orchestrator and sub-skill folders to Claude
  • Isolated analysis environment — Use REMnux or FlareVM in a VM with no network access
Steps
  1. Initial triage
    I have a suspicious PE file at /samples/malware.exe. Perform initial triage: file type, hashes, imports, strings analysis, and threat classification.
    → File metadata, hash values, suspicious imports/strings, threat assessment
  2. Dynamic analysis
    Set up a dynamic analysis environment and execute the sample. Monitor for file system changes, network connections, registry modifications, and process creation.
    → Behavioral report with IOCs

Outcome: A threat classification with IOCs and behavioral summary.

Pitfalls
  • Running malware outside a sandbox — ALWAYS use an isolated VM with no network access. Never analyze malware on your host machine.
Use together with: filesystem

Generate detection rules from malware analysis findings

👤 Detection engineers building SOC rules · ⏱ ~45 min · advanced

When to use: You've analyzed malware and need to create detection rules for your SIEM/IDS.

Prerequisites
  • Completed malware analysis — Run triage and dynamic analysis first
Steps
  1. Generate detection rules
    Based on our analysis findings, generate YARA rules for file detection, Sigma rules for log-based detection, and Suricata rules for network signatures.
    → Three rule files with clear documentation
  2. Write the report
    Generate a complete malware analysis report including executive summary, technical details, IOCs, and recommended mitigations.
    → Professional report ready for stakeholders

Outcome: Production-ready detection rules and a professional analysis report.

Pitfalls
  • Rules too specific to one sample — Ask Claude to generalize rules to catch variants, not just the exact sample
Use together with: filesystem

Combinations

Pair it with other MCPs for far greater leverage

malware-analysis-claude-skills + filesystem

Save analysis artifacts, detection rules, and reports to organized folders

Save the YARA rules to ~/detections/yara/ and the final report to ~/reports/malware-analysis.md.

Tools

Capabilities this MCP exposes

Tool | Input parameters | When to call | Cost
--- | --- | --- | ---
Malware Triage | file path | Quick assessment of a suspicious file | 0
Dynamic Analysis | file path, sandbox config | Monitor runtime behavior in a sandbox | 0
Specialized File Analyzer | file path | Analyze non-PE files (.NET, Office, PDF, scripts) | 0
Detection Engineer | analysis findings | Generate detection rules from findings | 0
Report Writer | analysis data | Generate professional malware analysis reports | 0

Cost and limits

What it costs to run

API quota
N/A — skills are local. Optional MCP connections to VirusTotal/Threat.Zone for enrichment.
Tokens per call
1000–5000 tokens per skill invocation
Price
Free (MIT license). Threat intelligence enrichment may require API keys.
Tip
Start with triage to decide if deep analysis is needed. Don't run all 5 skills on every sample.

Security

Permissions, secrets, and blast radius

Credential storage: Optional VirusTotal/Threat.Zone API keys in env vars for enrichment
Data egress: Designed for offline use. Optional threat intelligence lookups are opt-in.

Troubleshooting

Common errors and fixes

Skill not routing correctly

Ensure the root SKILL.md orchestrator is loaded. It handles routing to sub-skills automatically.

Verify: Check that all 5 sub-skill folders are present alongside the orchestrator

Analysis tools not found in sandbox

Use REMnux or FlareVM, which come with the standard analysis tools pre-installed.

Verify: which strings && which file && which yara

Report missing IOCs

Run both triage and dynamic analysis before generating the report to ensure complete data.

Verify: Review triage and dynamic analysis outputs

Alternatives

malware-analysis-claude-skills compared with other options

Alternative | When to use it instead | Trade-off
--- | --- | ---
hexstrike-ai | You need active security tools alongside analysis rather than skills-based workflows | Broader tool coverage but less structured analysis workflow

More

Resources

📖 Read the official README on GitHub

🐙 View open issues
