forensics-data-collector
Forensics Data Collector - Auto-activating skill for Security Advanced. Triggers on: forensics data collector, forensics data collector Part of the Security Advanced skill category.
35
Quality
3%
Does it follow best practices?
Impact
95%
1.07xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/forensics-data-collector/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is severely lacking in substance. It reads like auto-generated boilerplate that only states the skill's name and category without explaining any actual capabilities. A user or Claude would have no idea what this skill does, what data it collects, or in what forensic scenarios it should be applied.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Collects memory dumps, disk images, network logs, and system artifacts for security incident investigation'
Include a proper 'Use when...' clause with natural trigger terms like 'incident response', 'security breach', 'collect evidence', 'memory analysis', 'disk forensics'
Remove the redundant duplicate trigger term and expand to cover variations users would naturally say when needing forensic data collection
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. 'Forensics Data Collector' is just a name, and 'Auto-activating skill for Security Advanced' provides no information about what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' entirely - there are no capabilities listed. The 'when' is technically present via 'Triggers on' but is circular and unhelpful, just repeating the skill name. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'forensics data collector' repeated twice, which is redundant and overly specific. Missing natural variations users might say like 'collect evidence', 'security logs', 'incident data', 'memory dump', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'forensics data collector' is fairly specific to a security/forensics domain, which provides some distinctiveness. However, without knowing what it actually does, it could overlap with other security or data collection skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a placeholder template with no substantive content. It describes what a forensics data collector skill would do without providing any actual guidance, tools, commands, or procedures. The content fails on all dimensions by being verbose yet empty of actionable information.
Suggestions
Add specific forensics tools and commands (e.g., dd for disk imaging, volatility for memory analysis, tcpdump for network capture) with executable examples
Define a clear workflow for forensics data collection: evidence identification → preservation → acquisition → validation with specific validation commands
Include concrete code examples for common forensics tasks like creating disk images, capturing memory dumps, or collecting log files
Reference external documentation or create separate files for specific forensics domains (disk forensics, memory forensics, network forensics)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing specific about forensics data collection. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that waste tokens without adding value. | 1 / 3 |
Actionability | No concrete code, commands, tools, or specific procedures are provided. The skill describes what it does in abstract terms but gives zero executable guidance on how to actually collect forensics data. | 1 / 3 |
Workflow Clarity | No workflow is defined. There are no steps, no sequence, no validation checkpoints. The 'step-by-step guidance' mentioned in capabilities is never actually provided. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of vague descriptions with no references to detailed materials, no links to specific tools or documentation, and no structured navigation to deeper content. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
994edc4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.