CtrlK
BlogDocsLog inGet started
Tessl Logo

acquiring-disk-image-with-dd-and-dcfldd

Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.

61

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with a well-sequenced, validated workflow, but it pads token budget explaining known concepts and fails to route readers to the existing reference and script bundle files.

Suggestions

Replace or trim the 'Key Concepts' and 'Tools & Systems' tables, which restate knowledge Claude already has, to reclaim token budget.

Add explicit one-level-deep links to the bundle, e.g. 'For full flag reference: see [api-reference.md](references/api-reference.md)' and reference scripts/agent.py where relevant.

DimensionReasoningScore

Conciseness

The workflow steps are lean and executable, but the 'Key Concepts' and 'Tools & Systems' tables re-explain concepts Claude already knows (chain of custody, write blocker, dd, lsblk), so it is mostly efficient with some unnecessary explanation.

2 / 3

Actionability

Every workflow step provides concrete, copy-paste-ready bash commands with specific flags (e.g., 'dcfldd if=/dev/sdb ... hash=sha256,md5 hashlog=...'), matching fully executable guidance.

3 / 3

Workflow Clarity

The six-step sequence is clearly ordered and includes explicit validation checkpoints: pre-hashing the source (Step 2), dcfldd's verify pass (Step 4), and post-acquisition hash comparison plus source re-hash (Step 5).

3 / 3

Progressive Disclosure

Bundle files references/api-reference.md and scripts/agent.py exist, but the body never signals or links to them, and API/tool reference content is kept inline, fitting 'references present but not clearly signaled; content that should be separate is inline'.

2 / 3

Total

10

/

12

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and distinct, naming concrete actions and tools, but it omits explicit 'when to use' trigger guidance and lacks common user phrasings, which caps completeness and trigger term quality.

Suggestions

Add an explicit 'Use when...' clause stating when Claude should invoke this skill (e.g., when the user needs to image a disk, clone a drive, or acquire forensic evidence).

Broaden trigger terms with natural user phrasings like 'image a drive', 'clone a disk', or 'forensic copy' alongside the current technical terms.

DimensionReasoningScore

Specificity

Phrases like 'Create forensically sound bit-for-bit disk images using dd and dcfldd' and 'preserving evidence integrity through hash verification' name multiple concrete actions with specific tools, matching the 'lists multiple specific concrete actions' anchor.

3 / 3

Completeness

It clearly states what the skill does but lacks any 'Use when...' clause or equivalent trigger guidance, so per the guideline a missing trigger caps completeness at 2.

2 / 3

Trigger Term Quality

Terms such as 'disk images', 'dd', 'dcfldd', and 'hash verification' are relevant and natural for the audience, but common user variations like 'image a drive', 'clone a disk', or 'forensic copy' are absent, fitting 'some relevant keywords but missing common variations'.

2 / 3

Distinctiveness Conflict Risk

The forensics-niche framing with named tools (dd, dcfldd) and 'bit-for-bit disk images' gives a clear niche with distinct triggers unlikely to conflict with other skills.

3 / 3

Total

10

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.