find-relevant-case
Search for existing cases related to specific indicators or entities. Use to find correlation with other investigations before starting new analysis. Takes search terms and returns matching case IDs.
Install with Tessl CLI
npx tessl i github:dandye/ai-runbooks --skill find-relevant-case75
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
67%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description adequately communicates the skill's purpose and when to use it, with a clear 'Use to...' clause that explains the workflow context. However, it could benefit from more specific trigger terms that users would naturally say and more concrete examples of what indicators or entities are supported to improve discoverability and reduce potential conflicts with other search-related skills.
Suggestions
Add natural trigger terms users would say, such as 'case lookup', 'find related cases', 'IOC search', 'threat correlation', or specific indicator types like 'IP address', 'hash', 'domain'
Specify the types of indicators or entities supported (e.g., 'IP addresses, file hashes, domains, email addresses') to improve specificity and distinctiveness
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (case search, investigations) and describes the action (search for cases, find correlation, returns matching case IDs), but lacks comprehensive detail about what types of indicators, entities, or investigations are supported. | 2 / 3 |
Completeness | Clearly answers both what (search for existing cases related to indicators/entities, returns matching case IDs) and when (to find correlation with other investigations before starting new analysis), with explicit usage guidance. | 3 / 3 |
Trigger Term Quality | Includes some relevant terms like 'cases', 'indicators', 'entities', 'investigations', and 'search terms', but missing common variations users might say like 'lookup', 'find case', 'case lookup', 'IOC', 'threat intel', or specific indicator types. | 2 / 3 |
Distinctiveness Conflict Risk | Reasonably specific to case/investigation search domain, but terms like 'search', 'entities', and 'correlation' could overlap with other search or analysis skills. The investigation context helps but isn't strongly distinctive. | 2 / 3 |
Total | 9 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is well-structured and concise, appropriately scoped for finding related cases. However, it falls short on actionability by not showing how to construct the filter or process results concretely, and lacks validation steps in the workflow for handling search failures or empty results.
Suggestions
Add a concrete example showing how to construct the filter from search terms (e.g., actual filter syntax for the list_cases tool)
Include executable code for Step 3 showing how to extract case IDs and summaries from the response
Add a validation checkpoint after Step 2 to handle empty results or API errors before proceeding to processing
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is lean and efficient, avoiding unnecessary explanations of concepts Claude would know. Every section serves a purpose with no padding or verbose descriptions. | 3 / 3 |
Actionability | Provides some concrete tool calls but they're incomplete - 'constructed_filter' is referenced without showing how to actually construct it. Step 3 says 'Extract case IDs' without showing the actual code to do so. | 2 / 3 |
Workflow Clarity | Steps are clearly sequenced but lack validation checkpoints. No explicit verification that the search succeeded before processing results, and no error handling guidance for when searches return unexpected results. | 2 / 3 |
Progressive Disclosure | For a skill of this size (~50 lines), the structure is appropriate with clear sections for inputs, workflow, outputs, and limitations. No unnecessary external references needed. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.