find-relevant-case
Search for existing cases related to specific indicators or entities. Use to find correlation with other investigations before starting new analysis. Takes search terms and returns matching case IDs.
75
70%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/find-relevant-case/SKILL.mdQuality
Discovery
67%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description adequately explains the skill's purpose and when to use it, with clear input/output expectations (search terms in, case IDs out). However, it lacks domain-specific terminology that would help distinguish it from generic search skills and could include more natural trigger terms users would actually say when needing this functionality.
Suggestions
Add domain context (e.g., 'security investigations', 'threat hunting', 'incident response') to improve distinctiveness and reduce conflict with generic search skills.
Include more natural trigger term variations like 'lookup case', 'find related cases', 'IOC search', 'check existing investigations', or specific indicator types (IP, hash, domain).
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (case search, investigations) and describes the action (search for cases, find correlation, returns matching case IDs), but lacks comprehensive detail about what types of indicators, entities, or investigations are supported. | 2 / 3 |
Completeness | Clearly answers both what (search for existing cases related to indicators/entities, returns matching case IDs) and when (before starting new analysis, to find correlation with other investigations). Has explicit trigger guidance with 'Use to find correlation'. | 3 / 3 |
Trigger Term Quality | Includes some relevant terms like 'cases', 'indicators', 'entities', 'investigations', and 'search terms', but missing common variations users might say like 'lookup', 'find case', 'case lookup', 'IOC', 'threat intel', or specific indicator types. | 2 / 3 |
Distinctiveness Conflict Risk | Somewhat specific to case/investigation search domain, but terms like 'search', 'entities', and 'correlation' could overlap with other search or analysis skills. Could benefit from more specific domain markers (e.g., security, SIEM, threat hunting). | 2 / 3 |
Total | 9 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is well-structured and concise, appropriately scoped for case searching. However, it lacks concrete examples of filter construction and validation steps to verify search results actually match the intended entities. The limitations section is a good addition but the workarounds are vague.
Suggestions
Add a concrete example showing how to construct the filter object for list_cases with actual search terms
Include a validation step to verify returned cases actually contain the searched entities before adding to RELEVANT_CASE_IDS
Provide an example of the expected output format for RELEVANT_CASE_SUMMARIES
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is lean and efficient, avoiding unnecessary explanations of basic concepts. Every section serves a purpose and assumes Claude understands SOAR tools and case management. | 3 / 3 |
Actionability | Provides tool call examples but they're incomplete - 'constructed_filter' is referenced but never shown how to build it. The workflow describes what to do but lacks concrete filter construction examples. | 2 / 3 |
Workflow Clarity | Steps are clearly sequenced but lack validation checkpoints. No guidance on what to do if list_cases fails, no verification that results actually contain the searched entities before returning them. | 2 / 3 |
Progressive Disclosure | For a skill of this size (~50 lines), the structure is appropriate with clear sections for inputs, workflow, outputs, and limitations. No need for external file references given the scope. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- dandye/ai-runbooks
- Commit
4d132c7
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.