cypher-investigation

Official

Run custom OpenCypher queries for deep graph analysis.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Prebuilt Bloodhound Enterprise tools cover common Active Directory graph queries, but they cannot answer bespoke questions that require custom graph traversals, ad-hoc relationship walks, or novel attack path patterns. This skill enables agents to write and run safe, scoped OpenCypher queries to fill those gaps.

Core Features & Use Cases

  • Guided Safe Query Workflow: Enforces best practices like mandatory LIMIT clauses, specific node label filtering, and default read-only execution to avoid performance issues or accidental graph mutation.
  • Leverage Curated Resources: Directs agents to use prebuilt tools and saved queries first, reducing redundant work and avoiding common edge case pitfalls like gMSA exclusion or domain scoping errors.
  • Use Case: For example, use this skill to run a custom query that finds all shortest attack paths from Domain Users to Tier Zero high-value assets, or identify all kerberoastable users with Domain Admin group membership that prebuilt tools do not expose.

Quick Start

Use the cypher-investigation skill to run a custom OpenCypher query that identifies all enabled kerberoastable users in the Tier Zero group.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: cypher-investigation
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#cypher-investigation

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.