implementing-honeytokens-for-breach-detection

Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records) that trigger alerts when accessed by attackers. Uses the Canarytokens API and custom webhook integrations for breach detection. Use when building deception-based early warning systems for intrusion detection.

mukul975/Anthropic-Cybersecurity-Skills|Updated May 25, 2026

Works with

Claude CodeCursorClineWindsurf

Installation Guide

Select your AI agent

How to use implementing-honeytokens-for-breach-detection on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your machine
›Node.js 16+ with npm — verify with node --version
›Active project directory where you want to add implementing-honeytokens-for-breach-detection

Run the install command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills install mukul975/Anthropic-Cybersecurity-Skills/implementing-honeytokens-for-breach-detection

Fetches implementing-honeytokens-for-breach-detection from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.

Select Cursor when prompted

The CLI shows a list of agents. Use arrow keys and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ────────────────

│ · Cline · Codex · Goose · Windsurf

│ ●Cursor(selected)

│ · Cursor · Aider · Continue

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/implementing-honeytokens-for-breach-detection

Restart Cursor to activate implementing-honeytokens-for-breach-detection. Access via /implementing-honeytokens-for-breach-detection in your agent's command palette.

⚠

Security Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.

›View source on GitHub ›Skills CLI docs ›About Cursor ›What are agent skills?

Documentation

List & Monetize Your Skill

Submit your Claude Code skill and start earning

Get started →

Use Cases

Task Automation & Efficiency

Automate repetitive workflows and reduce manual effort

Example

Generate reports, summarize documents, draft communications

✓

Save 3-5 hours per week on routine tasks

Knowledge Enhancement

Learn new skills, understand complex topics, get expert guidance

Example

Explain concepts, provide examples, suggest learning resources

✓

Accelerate learning and skill development by 2x

Quality Improvement

Enhance output quality through reviews, suggestions, and refinements

Example

Review drafts, suggest improvements, catch errors

✓

Improve work quality by 30-40% with less effort

When to Use

When deploying or configuring implementing honeytokens for breach detection capabilities in your environment

When establishing security controls aligned to compliance requirements

When building or improving security architecture for this domain

When conducting security assessments that require this implementation

Instructions

Deploy honeytokens across critical systems to detect unauthorized access. Each token type alerts via webhook when triggered by an attacker.

import requests # Create a DNS canary token via Canarytokens resp = requests.post("https://canarytokens.org/generate", data={ "type": "dns", "email": "[email protected]", "memo": "Production DB server honeytoken", }) token = resp.json() print(f"DNS token: {token['hostname']}")

Token types to deploy:

AWS credential files (~/.aws/credentials) with canary keys

DNS tokens embedded in configuration files

Document beacons (Word/PDF) in sensitive file shares

Database honeytoken records in user tables

Web bugs in internal wiki/documentation pages

# Generate a fake AWS credentials file with canary token aws_creds = f"[default]\naws_access_key_id = {canary_key_id}\naws_secret_access_key = {canary_secret}\n" with open("/opt/backup/.aws/credentials", "w") as f: f.write(aws_creds)

name	implementing-honeytokens-for-breach-detection
description	'Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records) that trigger alerts when accessed by attackers. Uses the Canarytokens API and custom webhook integrations for breach detection. Use when building deception-based early warning systems for intrusion detection. '
domain	cybersecurity
subdomain	security-operations
tags	- implementing - honeytokens - for - breach
version	'1.0'
author	mahipal
license	Apache-2.0
nist_csf	- DE.CM-01 - RS.MA-01 - GV.OV-01 - DE.AE-02

implementing-honeytokens-for-breach-detection

Installation Guide

How to use implementing-honeytokens-for-breach-detection on Cursor

Prerequisites

Run the install command

Select Cursor when prompted

Verify installation

Security Notice

Documentation

List & Monetize Your Skill

Use Cases

Task Automation & Efficiency

Knowledge Enhancement

Quality Improvement

Install Skill

Implementing Honeytokens for Breach Detection

When to Use

Prerequisites

Instructions

Examples

Implementation Guide

Best Practices

When to Use This

Learning Path

Related Skills

performing-cryptographic-audit-of-application

exploiting-deeplink-vulnerabilities

implementing-soar-playbook-with-palo-alto-xsoar

analyzing-network-traffic-with-wireshark

scanning-docker-images-with-trivy

generating-threat-intelligence-reports

Reviews

Discussion