Best use case
MITRE ATT&CK Skill is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
MITRE ATT&CK framework mapping and analysis
Teams using MITRE ATT&CK Skill should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/mitre-attack/SKILL.md inside your project
- Restart your AI agent; it will auto-discover the skill
How MITRE ATT&CK Skill Compares
| Feature / Agent | MITRE ATT&CK Skill | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
MITRE ATT&CK framework mapping and analysis
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# MITRE ATT&CK Skill

## Overview

This skill provides MITRE ATT&CK framework mapping, analysis, and adversary emulation capabilities.

## Capabilities

- Map TTPs to ATT&CK techniques
- Generate ATT&CK Navigator layers
- Query ATT&CK STIX data
- Create attack patterns and campaigns
- Analyze technique coverage
- Generate detection mappings
- Support ATT&CK ICS and Mobile
- Create adversary emulation plans

## Target Processes

- red-team-operations.js
- purple-team-exercise.js
- threat-intelligence-research.js
- malware-analysis.js

## Dependencies

- ATT&CK STIX data (via TAXII or local)
- ATT&CK Navigator
- mitreattack-python library
- Python 3.x

## Usage Context

This skill is essential for:

- Adversary emulation planning
- Detection gap analysis
- Threat intelligence correlation
- Red team operation planning
- Security posture assessment

## Integration Notes

- Supports all ATT&CK matrices (Enterprise, Mobile, ICS)
- Can generate Navigator layers for visualization
- Integrates with threat intelligence platforms
- Maps to detection rules and mitigations
- Supports campaign and group analysis
Related Skills
process-builder
Scaffold new babysitter process definitions following SDK patterns, proper structure, and best practices. Guides the 3-phase workflow from research to implementation.
babysitter
Orchestrate via @babysitter. Use this skill when asked to babysit a run, orchestrate a process or whenever it is called explicitly. (babysit, babysitter, orchestrate, orchestrate a run, workflow, etc.)
yolo
Run Babysitter autonomously with minimal manual interruption.
user-install
Install the user-level Babysitter Codex setup.
team-install
Install the team-pinned Babysitter Codex workspace setup.
retrospect
Summarize or retrospect on a completed Babysitter run.
resume
Resume an existing Babysitter run from Codex.
project-install
Install the Babysitter Codex workspace integration into the current project.
plan
Plan a Babysitter workflow without executing the run.
observe
Observe, inspect, or monitor a Babysitter run.
model
Inspect or change Babysitter model-routing policy by phase.
issue
Run an issue-centric Babysitter workflow.