HeadlinesBriefing.com

AnalystAIPack: 118 Runnable AI Skills for Malware Analysis

Hacker News

General-purpose AI agents reliably produce confident-sounding but useless advice when analyzing suspicious executables. They suggest non-existent plugins or skip critical steps like Volatility 3 memory analysis and Sigma rule creation. AnalystAIPack closes this gap with a focused library of 118 runnable agent skills covering real malware analysis workflows.

The Apache-2.0 library organizes skills into four subdomains: lab foundations, malware analysis, reverse engineering, and threat hunting. Unlike prompt collections, every skill ships with tested Python scripts that perform actual analysis, leveraging standard library tools and degrading gracefully when dependencies are missing. A repo-wide smoke-test harness and CI gates ensure reliability.

Safety is baked in rather than added later. All scripts perform static, read-only analysis without executing samples. IOCs emerge defanged (hxxp://, 1[.]2[.]3[.]4), and sample-handling skills include explicit safety documentation. The skills map to MITRE ATT&CK, D3FEND, and CAR frameworks, giving agents proper context for technique boundaries and detection engineering.

Skills chain together for complete investigations: triage unknown files, perform static PE analysis, detect packing, unpack binaries, extract C2 configs, defang IOCs, hunt across telemetry, and generate Sigma rules. The analyst-pack CLI or GitHub Copilot integration lets analysts run complete workflows with structured JSON output feeding each step. The library is available now at github.com/meltedinhex/analyst-ai-pack.
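As an added illustration of the defanging and structured-output conventions described above (this is example code written for this page, not code from AnalystAIPack or its authors), the script below takes a constructed block of strings such as a static PE analysis step might extract, pulls out URLs, IPv4 addresses and hostnames, defangs them in the hxxp:// and 1[.]2[.]3[.]4 style, and emits the result as JSON that a later step could consume. The sample strings, the small TLD allowlist and the choice to bracket only host-part dots are all assumptions made for the example; the hosts use reserved example/test names.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample of strings that a static-analysis step might pull out of
# an executable. Every host is a reserved example/test name, nothing real.
SAMPLE_STRINGS = """\
GET /gate.php HTTP/1.1
http://update.example-c2.test/gate.php
https://cdn.example.test:8443/payload
Connecting to 10.20.30.40:8080
fallback 192.0.2.77
beacon host backup.example.test
mail admin@example.test
"""

URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed TLD allowlist: real tooling would use the public suffix list instead.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:test|com|net|org|io)\b", re.IGNORECASE)


def valid_ipv4(ip: str) -> bool:
    """Reject regex hits like 999.1.1.1 that are not real dotted quads."""
    return all(0 <= int(octet) <= 255 for octet in ip.split("."))


def defang_host(host: str) -> str:
    """1.2.3.4 -> 1[.]2[.]3[.]4, evil.test -> evil[.]test"""
    return host.replace(".", "[.]")


def defang_url(url: str) -> str:
    """http(s) -> hxxp(s), bracketed dots in the host; the path stays readable."""
    if "://" not in url:
        raise ValueError(f"not an absolute URL: {url!r}")
    scheme, rest = url.split("://", 1)
    scheme = "hxxp" + scheme.lower()[4:]  # http -> hxxp, https -> hxxps
    host, sep, tail = rest.partition("/")
    return f"{scheme}://{defang_host(host)}{sep}{tail}"


def refang(value: str) -> str:
    """Reverse of the two defang helpers, for feeding a value back into a tool."""
    value = value.replace("[.]", ".")
    if value.lower().startswith("hxxp"):
        value = "http" + value[4:]
    return value


def extract_iocs(text: str) -> dict:
    """Raw (not yet defanged) IOCs, deduplicated and sorted for stable output."""
    urls = sorted(set(URL_RE.findall(text)))
    # Blank out URLs before the bare-domain scan so path components such as
    # gate.php are not mistaken for hostnames.
    remainder = URL_RE.sub(" ", text)
    ips = sorted(ip for ip in set(IPV4_RE.findall(remainder)) if valid_ipv4(ip))
    domains = set(DOMAIN_RE.findall(remainder))
    for url in urls:
        host = urlparse(url).hostname
        if host:
            domains.add(host)
    return {"urls": urls, "ipv4": ips, "domains": sorted(domains)}


def defang_report(text: str) -> dict:
    """Defanged IOC report, the shape a downstream hunting step would read."""
    raw = extract_iocs(text)
    return {
        "urls": [defang_url(u) for u in raw["urls"]],
        "ipv4": [defang_host(ip) for ip in raw["ipv4"]],
        "domains": [defang_host(d) for d in raw["domains"]],
    }


def to_json(report: dict) -> str:
    return json.dumps(report, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(to_json(defang_report(SAMPLE_STRINGS)))
```

Keeping the path of a URL readable while bracketing only the host is a deliberate choice here; tools that defang every dot are equally valid, the important property being that nothing in the report is clickable or resolvable by accident, and that `refang` can restore the exact original when an analyst needs it.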