DocsQuick StartAI News
AI NewsAnalystAIPack Open-Sourced: 118 Agent Skills Unleashed for Malware Analysis
Industry News

AnalystAIPack Open-Sourced: 118 Agent Skills Unleashed for Malware Analysis

2026-07-01T19:07:03.970Z
AnalystAIPack Open-Sourced: 118 Agent Skills Unleashed for Malware Analysis

An open-source project called AnalystAIPack has surfaced on Hacker News, directly releasing 118 runnable Agent skills specifically designed for malware analysis and reverse engineering scenarios. This marks a concentrated implementation of the Agent Skills paradigm in the cybersecurity vertical.

A Security Analyst Turned Their Entire Workflow into 118 Skills

Yesterday, a project called AnalystAIPack popped up on Hacker News. The author works in malware analysis and took their day-to-day workflow—static analysis, dynamic debugging, reverse engineering, sample classification, YARA rule generation, IOC extraction—and turned the whole thing into skill packages that Agents can call directly, open-sourcing 118 of them in one shot.

The timing is interesting. In the first half of 2026, Agent Skills completely pushed last year’s briefly popular MCP to the sidelines and became the mainstream way of giving AI “superpower plugins.” After OpenClaw ignited the ClawHub ecosystem, vertical-domain Skill packages started appearing rapidly. But for actual security confrontation scenarios—and written firsthand by working analysts—AnalystAIPack is among the first projects at meaningful scale.

Screenshot of the AnalystAIPack project homepage and skill list

What the 118 Skills Actually Do

The author didn’t dump a giant list in the blog post. Instead, the skills are grouped according to a real analyst workflow. After digging through the project structure, they roughly fall into these categories:

  • Static analysis: PE/ELF/Mach-O header parsing, import/export table extraction, string clustering, entropy scanning, packer detection. It essentially wraps Python libraries like pefile, lief, and capstone into Agent-callable primitives;
  • Dynamic analysis: Sandbox behavior log interpretation, API call sequence clustering, process tree visualization, network traffic extraction;
  • Reverse engineering: This is the centerpiece. The project adapts scripting interfaces for Ghidra, IDA, radare2, and Binary Ninja, allowing the Agent to directly issue instructions like “decompile this function and explain the obfuscation logic”;
  • Threat intelligence: API wrappers for VirusTotal, MalwareBazaar, and Any.Run, combined with local YARA rules for cross-validation;
  • Report generation: From IOC extraction to MITRE ATT&CK mapping, ultimately producing a deliverable analysis report.

Each skill is designed to be independently executable, which is critical. This is not a pile of prompt templates that users have to stitch together themselves. Every skill internally encapsulates tool invocation, parameter validation, error handling, and result formatting. The Agent only needs to decide which one to call based on context.

Why This Feels So Much Like “Real Analyst Work”

You can tell from the code that the author has actually done the job. For example, in malware analysis, the most annoying part is not learning tools—it’s repeatedly going through the same decision chain:

Receive sample → check hash → determine whether it belongs to a known family → if not, run sandbox → if sandbox results look suspicious, move to static analysis → if static analysis stalls, switch to dynamic debugging.

In AnalystAIPack, this chain is explicitly encoded as dependencies between skills.

For example, there’s a skill called triage_unknown_sample whose internal logic roughly looks like this:

1. Calculate file SHA256
2. Query VT / MB / local intelligence databases
3. If a known family is matched -> call fetch_family_report
4. If no match -> trigger static_deep_scan and sandbox_detonate in parallel
5. Aggregate both result streams and hand them to the LLM for family inference
6. Output a structured report + candidate YARA rules

This explicit representation of the “default path in an analyst’s head” is the biggest value Skills have over a raw LLM. If you ask Claude or GPT-5 to analyze a sample directly, they’ll produce conclusions that sound plausible but lack engineering rigor. Put a Skill layer around them, and the output gains a structure that is both traceable and reproducible.

But Don’t Celebrate Too Early: Skills Are a New Attack Surface

This needs a reality check. Last month, Tencent Zhuque Lab released a report called “SkillTrustBench,” scanning over 50,000 Skills on ClawHub and finding that a significant proportion carried poisoning risks. Malicious Skills can disguise themselves as legitimate tools while secretly encrypting files, exfiltrating credentials, or even spawning reverse shells when invoked by an Agent.

Ironically, security analysis environments are exactly the kind of high-value targets these attacks want:

  • Analyst machines often contain real malware samples, internal intelligence database credentials, and customer data;
  • The analysis workflow itself already involves executing untrusted binaries, and combining sandbox escapes with Skill escapes amplifies risk exponentially;
  • A Skill that appears to “automatically generate YARA rules” could easily upload your sample repository to an external C2 server in the background.

The AnalystAIPack author mentions this issue in the README as well, recommending that all skills run in an isolated environment (Docker + gVisor is recommended, or dedicated analysis VMs), and adding explicit confirmation prompts for sensitive operations. But realistically, once someone forks the project and slips malicious additions into it, ordinary users will have a hard time telling.

Illustration of Agent Skill supply-chain poisoning attacks

Compared to Existing Solutions, Where Does It Stand?

AI tools for malware analysis have exploded over the past two years. Broadly speaking, there are three approaches:

  1. Closed-source SaaS platforms: VirusTotal’s Code Insight, Google’s Sec-Gemini, Elastic Security Labs’ internal LLM reverse engineering pipeline. Powerful, but you have to upload samples to someone else’s infrastructure, which many enterprise customers can’t do for compliance reasons;
  2. IDE plugin approach: Tools like GhidraMCP for Ghidra or aidapal for IDA. They embed LLMs directly into reverse engineering tools. Convenient, but tightly coupled to a single tool and weak at cross-tool collaboration;
  3. Agent Skill approach: AnalystAIPack is currently the most complete open-source implementation on this path. It’s tool-agnostic and model-agnostic—you can run it with Claude, GPT-5, DeepSeek-V4, Qwen3-Max, or others.

The strength of the third route is its flexibility. You can deploy the Skill package onto your own internal Agent infrastructure, use any model API you want, and keep all data inside your private network. For teams in China, using aggregation platforms like OpenAI Hub to switch between models is also convenient—one API key can cover GPT, Claude, Gemini, DeepSeek, and more. That’s especially useful for comparative malware analysis testing, since you don’t need separate accounts and quotas for each provider.

A Bigger Signal: Vertical Skill Packages Are Going to Explode

AnalystAIPack won’t be unique. Security just happened to move first because security analysts are already accustomed to writing tools, scripting workflows, and codifying knowledge into rules. Next, you’ll likely see:

  • Skill packages for the red team space (there are already a few semi-underground projects circulating);
  • DFIR (Digital Forensics and Incident Response) packages wrapping tools like Volatility, Plaso, and KAPE;
  • Threat hunting skills for generating and interpreting Splunk/Elastic queries.

And beyond security, industries with rigid workflows and strong rule systems—law, medical imaging, financial risk control—will likely benefit more from Skill packages than from generic Agents. Because the real challenge in professional domains is not making models “understand,” but making them operate according to industry-standard procedures. That’s exactly what Skills are good at.

Is It Worth Following?

If you work in security engineering, AnalystAIPack is absolutely worth cloning and exploring. You may not deploy it into production immediately, but the way it decomposes the analysis workflow is itself a valuable study in methodology. The author encoded many judgment sequences that normally only experienced analysts internalize, and junior analysts can learn a lot from following the implementation.

If you build Agent applications, the project’s skill organization strategy is worth studying: how to choose granularity, design dependencies, handle rollback and error recovery, and structure tool outputs for LLMs. Those engineering details are more valuable than “yet another Skill package.”

One final reminder: read the source code for every skill before installing anything. Don’t just pip install all 118 skills and call it a day. These days, Skills are part of the supply chain too.

References

Related Articles

View All

Contact Us

We usually reply quickly during business hours

Scan WeChat

Support: Hub Assistant

WeChat ID: