recon
Perform structured reconnaissance and attack surface enumeration for authorized penetration tests, CTF challenges, and bug bounty programs. Use when the user mentions 'recon,' 'reconnaissance,' 'enumerate,' 'attack surface,' 'subdomain enumeration,' 'port scan,' 'fingerprint,' 'asset discovery,' or needs to map a target's external footprint.
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its domain (security reconnaissance), lists concrete actions, and provides an explicit and comprehensive 'Use when...' clause with numerous natural trigger terms. It uses proper third-person voice and is well-scoped to avoid conflicts with other potential security-related skills. The description is concise yet thorough.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'structured reconnaissance,' 'attack surface enumeration,' and specifies contexts like 'authorized penetration tests, CTF challenges, and bug bounty programs.' These are concrete, domain-specific activities. | 3 / 3 |
Completeness | Clearly answers both 'what' (perform structured reconnaissance and attack surface enumeration for authorized pentests, CTFs, and bug bounties) and 'when' (explicit 'Use when...' clause with a comprehensive list of trigger terms and scenarios). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'recon,' 'reconnaissance,' 'enumerate,' 'attack surface,' 'subdomain enumeration,' 'port scan,' 'fingerprint,' 'asset discovery,' and 'external footprint.' These are terms a security professional or CTF participant would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche in offensive security reconnaissance. The specific trigger terms like 'subdomain enumeration,' 'port scan,' 'fingerprint,' and 'asset discovery' are unlikely to conflict with other skills. The scope is clearly bounded to recon/enumeration rather than exploitation or other security phases. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable reconnaissance skill with clear phased methodology, executable commands, and a well-defined output format. Its main strengths are the authorization gate, concrete tooling guidance, and structured report template. Weaknesses include some unnecessary explanation of concepts Claude already knows (WHOIS, dorking) and a monolithic structure that could benefit from splitting detailed content into supporting files.
Suggestions
Trim explanatory phrases like 'Gather information without touching the target directly' and 'for registrant, nameserver, and creation date info' — Claude knows what passive recon and WHOIS are.
Consider extracting the output report template and the detailed passive recon techniques into separate referenced files (e.g., REPORT_TEMPLATE.md, PASSIVE_TECHNIQUES.md) to improve progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Generally efficient but includes some unnecessary framing (e.g., the 'Methodology' section headers and the references section add little value for Claude). The passive recon section could be tighter — Claude already knows what WHOIS is and what search engine dorking means. However, the concrete commands and structured phases keep it from being truly verbose. | 2 / 3 |
Actionability | Provides fully executable commands (dig, nmap, curl+jq pipeline, testssl.sh), specific tool names, concrete API endpoint paths to check, and a complete output template. The guidance is copy-paste ready and leaves little ambiguity about what to actually run. | 3 / 3 |
Workflow Clarity | The three-phase methodology (Passive → Active → Analysis) is clearly sequenced with an explicit authorization gate before any work begins. The escalation from passive to active recon is gated on 'explicit authorization only,' and the analysis phase includes prioritization criteria. The boundaries section serves as validation constraints throughout. | 3 / 3 |
Progressive Disclosure | The content is well-structured with clear sections, but everything is inline in a single file. The references at the bottom are just names without links or companion files. For a skill of this length (~100 lines of substantive content), some sections like the output format template or the detailed passive recon techniques could be split into referenced files for better organization. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
Total | 10 / 11 Passed | |
- Repository
- briiirussell/cybersecurity-skills
- Commit
2400590
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.