eicar-test
Test skill containing EICAR test file for malware detection
45
14%
Does it follow best practices?
Impact
100%
1.17xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./evals/test_skills/malicious/eicar-test/SKILL.mdQuality
Discovery
22%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is very weak — it reads more like a label or file inventory note than a functional skill description. It fails to describe concrete actions the skill performs and completely lacks a 'Use when...' clause, making it difficult for Claude to know when to select this skill.
Suggestions
Add concrete action verbs describing what the skill does, e.g., 'Generates EICAR test strings for validating antivirus and malware detection configurations.'
Add an explicit 'Use when...' clause, e.g., 'Use when the user needs to test antivirus software, validate malware detection pipelines, or generate EICAR test patterns.'
Include natural trigger term variations such as 'antivirus testing', 'virus scanner validation', 'security test file', 'EICAR string' to improve discoverability.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description is vague — it says 'containing EICAR test file for malware detection' but does not describe any concrete actions the skill performs. There are no verbs indicating what the skill does (e.g., generates, scans, validates). | 1 / 3 |
Completeness | The description weakly addresses 'what' (contains an EICAR test file) but does not explain what the skill actually does with it, and there is no 'when' clause or explicit trigger guidance at all. | 1 / 3 |
Trigger Term Quality | It includes some relevant keywords like 'EICAR', 'malware detection', and 'test file' that a user familiar with security testing might use, but it lacks common variations or broader natural language terms users might say (e.g., 'antivirus test', 'virus scanner test', 'security testing'). | 2 / 3 |
Distinctiveness Conflict Risk | The mention of 'EICAR test file' is fairly niche and unlikely to conflict with most other skills, but the lack of specificity about what the skill does could cause confusion with other security-related skills. | 2 / 3 |
Total | 6 / 12 Passed |
Implementation
7%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a description rather than an actionable skill. It explains what the EICAR test file is (which Claude already knows) but provides zero instructions on how to use it, no code examples, no commands, and no workflow for testing the VirusTotal integration it mentions. It fails on nearly every dimension of the rubric.
Suggestions
Add concrete, executable steps for how to use the EICAR test file with the VirusTotal binary file scanner (e.g., specific commands or API calls).
Remove the explanatory text about what EICAR is and replace it with actionable instructions — Claude already knows what EICAR test files are.
Include the actual asset file path and provide a clear workflow: e.g., 1. Locate the EICAR file, 2. Submit to VirusTotal, 3. Validate the detection result.
If the assets folder contains supporting files, reference them explicitly with relative paths so Claude can locate and use them.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content explains what the EICAR test file is and what it does — information Claude already knows. The sentence 'It is NOT a virus but is detected by all antivirus software as malware' is unnecessary context padding. The entire body is descriptive rather than instructional. | 1 / 3 |
Actionability | There are no concrete instructions, commands, code examples, or executable guidance. The skill merely describes what the EICAR file is and states a vague purpose without telling Claude what to do with it or how to use it. | 1 / 3 |
Workflow Clarity | There is no workflow, no steps, no sequence of actions, and no validation checkpoints. The skill provides no guidance on how to actually perform the testing task it describes. | 1 / 3 |
Progressive Disclosure | The content is short and has some section structure (heading + Purpose section), but it mentions an 'assets folder' without linking to it or providing any file references. No bundle files are provided to support the referenced assets. | 2 / 3 |
Total | 5 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- cisco-ai-defense/skill-scanner
- Commit
ff708ea
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.