cypher-investigation
OfficialRun custom OpenCypher queries for deep graph analysis.
Data & Analytics#security analysis#cypher#opencypher#active directory#attack paths#graph investigation#bloodhound enterprise
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Prebuilt Bloodhound Enterprise tools cover common Active Directory graph queries, but they cannot answer bespoke questions that require custom graph traversals, ad-hoc relationship walks, or novel attack path patterns. This skill enables agents to write and run safe, scoped OpenCypher queries to fill those gaps.
Core Features & Use Cases
- Guided Safe Query Workflow: Enforces best practices like mandatory LIMIT clauses, specific node label filtering, and default read-only execution to avoid performance issues or accidental graph mutation.
- Leverage Curated Resources: Directs agents to use prebuilt tools and saved queries first, reducing redundant work and avoiding common edge case pitfalls like gMSA exclusion or domain scoping errors.
- Use Case: For example, use this skill to run a custom query that finds all shortest attack paths from Domain Users to Tier Zero high-value assets, or identify all kerberoastable users with Domain Admin group membership that prebuilt tools do not expose.
Quick Start
Use the cypher-investigation skill to run a custom OpenCypher query that identifies all enabled kerberoastable users in the Tier Zero group.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: cypher-investigation Download link: https://github.com/dreadnode/capabilities/archive/main.zip#cypher-investigation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.