skills/mukul975/anthropic-cybersecurity-skills/operationalizing-misp-threat-feeds/Gen Agent Trust Hub
operationalizing-misp-threat-feeds
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone the official MISP docker repository from GitHub ('github.com/MISP/misp-docker.git') and install reputable Python packages ('pymisp', 'sigma-cli', 'pyyaml') from standard registries.
- [COMMAND_EXECUTION]: Standard system and security tools are utilized for environment setup and deployment, including 'git', 'docker', 'pip', 'curl', 'suricata', 'wazuh-control', and 'sigma'. These commands are consistent with the skill's stated purpose of managing a threat intelligence platform.
- [DATA_EXFILTRATION]: The provided Python script ('scripts/agent.py') connects to a user-configured MISP instance to retrieve Indicators of Compromise (IOCs). This communication is limited to the MISP REST API for the intended purpose of generating local detection artifacts.
- [CREDENTIALS_UNSAFE]: The skill uses generic placeholders such as 'YOUR_AUTH_KEY' for authentication configuration, following security best practices. It correctly advises users to manage sensitive environment variables via '.env' files.
Audit Metadata