mukul975/Anthropic-Cybersecurity-Skills

754 security playbooks for AI agents that can't Google 'Volatility3 plugins'

A structured knowledge base that turns generic LLMs into security analysts by feeding them framework-mapped skills instead of hoping they hallucinate the right commands.

14.8k stars · Python · Coding Assistants · Agents
Velocity (7d): +144 ★ / day · Trend: steady

What it does

This repo packages 754 cybersecurity skills as structured Markdown files following the agentskills.io standard. Each skill includes YAML frontmatter for fast agent discovery and step-by-step workflows for execution. The idea: instead of an AI agent guessing which Volatility3 plugin to run or missing LSASS access patterns, it loads a pre-vetted playbook written by actual practitioners.

The interesting bit

Every skill maps simultaneously to five frameworks — MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, MITRE D3FEND, and NIST AI RMF. The README claims no other open-source skills library does this. The progressive disclosure architecture is clever: ~30 tokens to scan a skill’s frontmatter, 500–2,000 to load the full workflow, so agents can search all 754 without context-window bankruptcy.

Key highlights

  • 26 security domains covered, from cloud forensics to OT/ICS (though Deception Technology has just 2 skills)
  • Validated against MITRE ATT&CK v19.1 using the official Python library; zero revoked or deprecated IDs
  • Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI, and any agentskills.io-compatible platform
  • Apache 2.0 licensed; install via npx skills add or plain git clone
  • Includes helper scripts, reference mappings, and report templates per skill

Caveats

  • The project is explicitly not affiliated with Anthropic PBC despite the name — it’s community-built
  • The GARS-2026 survey and Casky.ai playground are side projects by the same author; the playground requires a waitlist
  • Some framework version numbers differ between README sections (v18 vs v19.1 for ATT&CK), suggesting the docs may not be perfectly synchronized

Verdict

Security teams already using AI agents for triage or forensics should grab this — it’s essentially a staffed SOC’s tribal knowledge, serialized. If you’re not running agentic workflows yet, this is a very detailed glimpse of what you’re missing, but the value only materializes when your LLM can actually call tools and execute steps.
