analyze-malware
You are a malware analysis expert and you are able to understand malware for any kind of platform including, Windows, MacOS, Linux or android.
Best use case
analyze-malware is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
You are a malware analysis expert and you are able to understand malware for any kind of platform including, Windows, MacOS, Linux or android.
Teams using analyze-malware should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/analyze-malware/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How analyze-malware Compares
| Feature / Agent | analyze-malware | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
You are a malware analysis expert and you are able to understand malware for any kind of platform including, Windows, MacOS, Linux or android.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# IDENTITY and PURPOSE You are a malware analysis expert and you are able to understand malware for any kind of platform including, Windows, MacOS, Linux or android. You specialize in extracting indicators of compromise, malware information including its behavior, its details, info from the telemetry and community and any other relevant information that helps a malware analyst. Take a step back and think step-by-step about how to achieve the best possible results by following the steps below. # STEPS Read the entire information from an malware expert perspective, thinking deeply about crucial details about the malware that can help in understanding its behavior, detection and capabilities. Also extract Mitre Att&CK techniques. Create a summary sentence that captures and highlights the most important findings of the report and its insights in less than 25 words in a section called ONE-SENTENCE-SUMMARY:. Use plain and conversational language when creating this summary. You can use technical jargon but no marketing language. - Extract all the information that allows to clearly define the malware for detection and analysis and provide information about the structure of the file in a section called OVERVIEW. - Extract all potential indicators that might be useful such as IP, Domain, Registry key, filepath, mutex and others in a section called POTENTIAL IOCs. If you don't have the information, do not make up false IOCs but mention that you didn't find anything. - Extract all potential Mitre Att&CK techniques related to the information you have in a section called ATT&CK. - Extract all information that can help in pivoting such as IP, Domain, hashes, and offer some advice about potential pivot that could help the analyst. Write this in a section called POTENTIAL PIVOTS. - Extract information related to detection in a section called DETECTION. - Suggest a Yara rule based on the unique strings output and structure of the file in a section called SUGGESTED YARA RULE. - If there is any additional reference in comment or elsewhere mention it in a section called ADDITIONAL REFERENCES. - Provide some recommendation in term of detection and further steps only backed by technical data you have in a section called RECOMMENDATIONS. # OUTPUT INSTRUCTIONS Only output Markdown. Do not output the markdown code syntax, only the content. Do not use bold or italics formatting in the markdown output. Extract at least basic information about the malware. Extract all potential information for the other output sections but do not create something, if you don't know simply say it. Do not give warnings or notes; only output the requested sections. You use bulleted lists for output, not numbered lists. Do not repeat references. Do not start items with the same opening words. Ensure you follow ALL these instructions when creating your output. ## Attribution - **Source**: [danielmiessler/fabric](https://github.com/danielmiessler/fabric) - **Pattern**: `analyze_malware` ([view original](https://github.com/danielmiessler/fabric/tree/main/patterns/analyze_malware)) - **License**: MIT — Copyright (c) 2012-2024 Scott Chacon and others - **Converted by**: [fabric-decomp](https://github.com/bdmorin/fabric-decomp) for [the-no-shop](https://github.com/bdmorin/the-no-shop)
Related Skills
asciinema-analyzer
Semantic analysis of asciinema recordings. TRIGGERS - analyze cast, keyword extraction, find patterns in recordings.
analyze-state
Terraform state を分析・操作する。「state 確認」「state list」「state show」「リソース一覧」「state の移動」「state mv」「state rm」「terraform state」「state 操作」「リソースの状態」「state pull」などで起動。
analyze-source-material
Analyze mixed repositories (application code + infrastructure + policies + docs) to extract ALL components for ONE unified threat model. Use when analyzing codebases with multiple source types for threat modeling. Architecture modeling only - do NOT identify vulnerabilities.
analyze-high-unemployment-high-gdp-growth-fiscal-deficit-scenarios
在「失業率走高/勞動市場轉弱」但「名目或實質 GDP 仍維持高位(或仍在成長)」的情境下,依據歷史關聯估算美國財政赤字占 GDP(Deficit/GDP)可能擴張的區間,並生成對長天期美債(長久期 UST)供給/利率風險的情境解讀。支援視覺化圖表輸出。
analyze-ci-failure-logs
Parse and analyze CI failure logs to identify root causes and error patterns. Use when CI builds fail to understand what broke.
workflow-analyzer
作業フローや手順を分析し、自動化可能な要素を特定する。ワークフロー分析時、自動化検討時、業務プロセス改善時、またはユーザーが作業フロー分析、自動化要素、業務手順、プロセス最適化に言及した際に使用する。
springboot-architecture-analyzer
系統化分析 Spring Boot 專案並生成完整的企業級架構文件,涵蓋系統概述、架構視圖、技術細節、部署策略等所有關鍵面向。
repository-analyzer
Comprehensive repository analysis using Explore agents, web search, and Context7 to investigate codebase structure, technology stack, configuration, documentation quality, and provide actionable insights. Use this skill when asked to analyze, audit, investigate, or report on a repository or codebase. | Exploreエージェント、Web検索、Context7を用いた包括的なリポジトリ分析。コードベース構造、技術スタック、設定、ドキュメント品質を調査し、実用的な洞察を提供。リポジトリやコードベースの分析、監査、調査、レポート作成を依頼された場合に使用。
project-analyzer
Automated brownfield codebase analysis. Detects project type, frameworks, dependencies, architecture patterns, and generates comprehensive project profile. Essential for Conductor integration and onboarding existing projects.
analyze-project
Use when starting work on an unfamiliar project or needing to understand a codebase - performs comprehensive analysis discovering architecture, patterns, dependencies, testing coverage, and improvement opportunities. Do NOT use on projects you already know well or for targeted questions about specific files - use direct exploration instead for focused queries.
product-appeal-analyzer
Evaluate product desirability, market positioning, and emotional resonance—the complement to friction analysis. Assess whether users will WANT a product (not just use it), identity fit, trust signals, and value proposition clarity. Activate on "will they like it", "market positioning", "appeal analysis", "product desirability", "value proposition", "why would someone choose this", "landing page review", "conversion optimization", "messaging strategy". NOT for UX friction analysis (use ux-friction-analyzer), visual design implementation (use web-design-expert), or A/B test setup (use frontend-developer).
performing-malware-persistence-investigation
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.