Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of organizational assets, leaked credentials, threatened attacks, and threat actor communications to provide early warning intelligence. Use when establishing dark web monitoring coverage, investigating specific data breach claims, or enriching incident investigations with dark web context. Activates for requests involving dark web OSINT, leak site monitoring, credential exposure, Recorded Future dark web, or Tor hidden service intelligence.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionmonitoring-darkweb-sourcesExecute the skills CLI command in your project's root directory to begin installation:
Fetches monitoring-darkweb-sources from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate monitoring-darkweb-sources. Access via /monitoring-darkweb-sources in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | monitoring-darkweb-sources |
| description | 'Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of organizational assets, leaked credentials, threatened attacks, and threat actor communications to provide early warning intelligence. Use when establishing dark web monitoring coverage, investigating specific data breach claims, or enriching incident investigations with dark web context. Activates for requests involving dark web OSINT, leak site monitoring, credential exposure, Recorded Future dark web, or Tor hidden service intelligence. ' |
| domain | cybersecurity |
| subdomain | threat-intelligence |
| tags | - dark-web - OSINT - credential-monitoring - ransomware-leaks - Recorded-Future - SpiderFoot - CTI |
| version | 1.0.0 |
| author | team-cybersecurity |
| license | Apache-2.0 |
| nist_ai_rmf | - MEASURE-2.7 - MAP-5.1 - MANAGE-2.4 |
| atlas_techniques | - AML.T0070 - AML.T0066 - AML.T0082 |
| nist_csf | - ID.RA-01 - ID.RA-05 - DE.CM-01 - DE.AE-02 |
Use this skill when:
Do not use this skill without proper operational security measures — dark web browsing without isolation exposes analyst infrastructure to adversary counter-intelligence.
Configure dark web monitoring keywords in your CTI platform (e.g., Recorded Future Exposure module):
company.com, @company.com, company[dot]comMost commercial services (Flashpoint, Intel 471, Cybersixgill) crawl forums like XSS, Exploit[.]in, BreachForums, and Russian-language cybercriminal communities without analyst exposure.
For investigations requiring direct dark web access:
Environment setup:
Paste site monitoring (clearnet-accessible, no Tor required):
# Hunt paste sites via API
curl "https://psbdmp.ws/api/search/company.com" | jq '.data[].id'
curl "https://pastebin.com/search?q=company.com" # Rate-limited public search
Ransomware groups maintain .onion leak sites. Monitor these through commercial services rather than direct access. When a claim appears about your organization:
Known active ransomware leak site operators (as of early 2025): LockBit (disrupted Feb 2024), ALPHV/BlackCat (disrupted Dec 2023), Cl0p, RansomHub, Play.
For leaked credential monitoring:
When credential exposures are confirmed:
For each dark web finding:
| Term | Definition |
|---|---|
| Dark Web | Tor-accessible hidden services (.onion domains) not indexed by standard search engines; hosts both legitimate and criminal content |
| Paste Site | Clearnet text-sharing sites (Pastebin, Ghostbin) frequently used to publish stolen data or malware configurations |
| Ransomware Leak Site | .onion site operated by ransomware group to publish stolen victim data as extortion leverage |
| Operational Security (OPSEC) | Protecting analyst identity and organizational affiliation during dark web investigation |
| Credential Stuffing | Automated use of leaked username/password pairs against authentication systems |
| Stealer Logs | Data packages exfiltrated by infostealer malware containing saved browser credentials, cookies, and session tokens |
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
monitoring-darkweb-sources reduced setup friction for our internal harness; good balance of opinion and flexibility.
We added monitoring-darkweb-sources from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Keeps context tight: monitoring-darkweb-sources is the kind of skill you can hand to a new teammate without a long onboarding doc.
Keeps context tight: monitoring-darkweb-sources is the kind of skill you can hand to a new teammate without a long onboarding doc.
I recommend monitoring-darkweb-sources for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
monitoring-darkweb-sources has been reliable in day-to-day use. Documentation quality is above average for community skills.
Solid pick for teams standardizing on skills: monitoring-darkweb-sources is focused, and the summary matches what you get after install.
monitoring-darkweb-sources is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Useful defaults in monitoring-darkweb-sources — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
We added monitoring-darkweb-sources from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
showing 1-10 of 37