
acquiring-disk-image-with-dd-and-dcfldd

Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.

64

Quality: 76% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Advisory. Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/acquiring-disk-image-with-dd-and-dcfldd/SKILL.md

Quality

Discovery

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong, specific description that clearly identifies a forensic disk imaging capability with concrete tools and techniques. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The domain-specific terminology provides excellent distinctiveness and trigger term coverage.

Suggestions

Add a 'Use when...' clause, e.g., 'Use when the user needs to create forensic disk images, clone drives for evidence preservation, or asks about dd/dcfldd for forensic acquisition.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'bit-for-bit disk images', 'using dd and dcfldd', 'preserving evidence integrity', 'hash verification'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' (create forensic disk images with dd/dcfldd and hash verification), but lacks an explicit 'Use when...' clause specifying when Claude should select this skill. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'disk images', 'dd', 'dcfldd', 'forensic', 'bit-for-bit', 'hash verification', 'evidence integrity'. These are terms a forensics practitioner would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche: forensic disk imaging with specific tools (dd, dcfldd) and forensic-specific concepts (evidence integrity, hash verification). Very unlikely to conflict with other skills. | 3 / 3 |

Total: 11 / 12 (Passed)

Implementation

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a highly actionable and well-structured forensic imaging skill with excellent workflow clarity and validation checkpoints throughout. Its main weaknesses are verbosity—including reference tables and scenario descriptions that inflate token usage—and a completely monolithic structure with no progressive disclosure despite being a lengthy document. Trimming the explanatory tables and splitting reference material into separate files would significantly improve it.

Suggestions

Move the Key Concepts table, Tools & Systems table, and Common Scenarios into separate reference files (e.g., REFERENCE.md, SCENARIOS.md) and link to them from the main skill.

Remove or drastically reduce the Key Concepts table—Claude already knows what a hash, write blocker, and chain of custody are.

Add a brief 'Quick Reference' section at the top with the single most common dcfldd command, then let the detailed steps follow for complex cases.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is fairly comprehensive but includes some unnecessary content like the Key Concepts and Tools & Systems tables that explain things Claude already knows (what a hash is, what dd does, what lsblk is). The Common Scenarios section adds bulk with somewhat redundant information. However, the core workflow steps are reasonably efficient. | 2 / 3 |
| Actionability | Every step includes fully executable, copy-paste-ready bash commands with realistic paths, flags, and options. The commands cover multiple variations (dd vs dcfldd, compressed vs uncompressed, split vs single file) and include concrete output expectations. | 3 / 3 |
| Workflow Clarity | The 6-step workflow is clearly sequenced with explicit validation checkpoints: pre-hashing the source (Step 2), post-acquisition hash verification with diff comparison (Step 5), re-hashing the source to confirm no changes, and dcfldd's built-in verification pass. Error recovery is addressed with conv=noerror,sync and error logging. | 3 / 3 |
| Progressive Disclosure | The content is a monolithic wall of text with no references to external files. The Key Concepts table, Tools & Systems table, Common Scenarios, and Output Format sections could all be separated into reference files. For a skill this long (200+ lines), the lack of any content splitting or navigation structure is a significant weakness. | 1 / 3 |

Total: 9 / 12 (Passed)

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 10 / 11 (Passed)

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed
