
active-directory-attacks

Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesting, Kerberos attacks, lateral movement, privilege escalation, and domain dominance for red team operations and penetration testing.

Quality: 62. Does it follow best practices?

Impact: No eval scenarios have been run

Security by Snyk: Critical. Do not install without reviewing


Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with executable commands and reasonable structure, but it is hampered by redundancy, missing validation feedback loops on destructive/batch operations, and a monolithic body that underuses progressive disclosure.

Suggestions

Add explicit validation/feedback checkpoints to destructive and batch workflows (e.g., verify DC reachability and account-lockout thresholds before spraying; confirm DCSync replication rights before extraction; validate forged-ticket success before lateral movement).

Reduce redundancy by either removing the Quick Reference table or the in-body command duplicates, and replace the boilerplate 'When to Use' line with genuine applicability guidance.

Move detailed CVE exploitation sections and the worked examples into separate reference files (e.g., references/cve-exploits.md, references/walkthroughs.md) referenced from a leaner overview to improve progressive disclosure.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Prose is lean and mostly code/commands, but the Quick Reference table duplicates commands already shown, the Essential Tools table repeats the Inputs tool list, and the 'When to Use' line is boilerplate; it earns level 2 rather than the every-token-counts level 3. | 2 / 3 |
| Actionability | Throughout the body it gives copy-paste-ready, executable commands and concrete tool invocations (e.g., GetUserSPNs.py, secretsdump.py, kerberos::golden), matching the fully-executable top anchor. | 3 / 3 |
| Workflow Clarity | There is a sequenced Core Workflow and some checks (clock-skew detection, SMB signing check, ZeroLogon password restore), but batch/destructive operations like password spraying, ZeroLogon, Golden Ticket, and DCSync lack explicit validate->fix->retry feedback loops, which the guidelines cap at 2. | 2 / 3 |
| Progressive Disclosure | A real one-level reference exists and is signaled once (references/advanced-attacks.md), but the ~390-line body is largely monolithic with inline content (every attack family, CVEs, examples) that could be split into referenced files, so it does not reach the well-split level 3. | 2 / 3 |
| Total | Passed | 9 / 12 |

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, distinctive, and rich in natural trigger terms, but it omits any explicit 'Use when...' guidance, which caps completeness and slightly limits its triggerability.

Suggestions

Append an explicit 'Use when...' clause (e.g., 'Use when assessing Active Directory security, performing AD red team operations, or when the user mentions Kerberos, DCSync, BloodHound, or domain dominance.') to lift completeness to 3.

Keep the concrete action list but ensure the when-triggers mirror the natural terms already present to avoid adding fluff.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete actions ('reconnaissance, credential harvesting, Kerberos attacks, lateral movement, privilege escalation, and domain dominance') in third-person voice ('Provide', 'Covers'), matching the highest anchor rather than the partial coverage of level 2. | 3 / 3 |
| Completeness | Clearly states what the skill does but provides no explicit 'Use when...' trigger clause, which the guidelines cap at 2; it does not reach level 3's requirement of explicit when-triggers. | 2 / 3 |
| Trigger Term Quality | Includes natural domain terms users would say ('Active Directory', 'Kerberos', 'red team operations', 'penetration testing') with good coverage, not just jargon, so it sits at the top anchor. | 3 / 3 |
| Distinctiveness Conflict Risk | A clear, narrow niche (attacking Microsoft Active Directory) with distinct triggers unlikely to overlap with unrelated skills, matching the top anchor. | 3 / 3 |
| Total | Passed | 11 / 12 |

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 15 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | Passed | 15 / 16 |

Repository: boisenoise/skills-collections (Reviewed)
