acquiring-disk-image-with-dd-and-dcfldd

Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.

83

Quality: 80% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Advisory (Suggest reviewing before use)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/acquiring-disk-image-with-dd-and-dcfldd/SKILL.md
Quality

Discovery

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong, specific description that clearly identifies a niche forensic disk imaging capability with concrete tools and actions. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The domain-specific terminology serves as effective natural trigger terms.

Suggestions

Add a 'Use when...' clause, e.g., 'Use when the user needs to create forensic disk images, clone drives for evidence preservation, or mentions dd, dcfldd, or forensic imaging.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'bit-for-bit disk images', 'using dd and dcfldd', 'preserving evidence integrity', 'hash verification'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' (create forensically sound disk images using dd/dcfldd with hash verification), but lacks an explicit 'Use when...' clause specifying when Claude should select this skill. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords a user would say: 'disk images', 'dd', 'dcfldd', 'forensically sound', 'bit-for-bit', 'hash verification', 'evidence integrity'. These cover the forensic imaging domain well with both tool names and domain terminology. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche combining digital forensics, specific tools (dd, dcfldd), disk imaging, and evidence integrity. Very unlikely to conflict with other skills due to the specialized forensic focus. | 3 / 3 |
| Total | | 11 / 12 (Passed) |

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong, highly actionable forensic disk imaging skill with excellent workflow clarity and explicit validation checkpoints throughout the chain of custody process. Its main weaknesses are verbosity from reference tables and scenario descriptions that explain concepts Claude already knows, and a monolithic structure that would benefit from splitting supplementary content into linked reference files.

Suggestions

Move the Key Concepts and Tools & Systems tables to a separate REFERENCE.md file and link to it, as Claude already understands these concepts.

Trim or remove the Common Scenarios section—the workflow steps already demonstrate the primary use case, and the scenarios mostly restate what's already covered.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill includes some unnecessary content like the Key Concepts and Tools & Systems tables that explain things Claude already knows (what a write blocker is, what SHA-256 does, what dd is). The Common Scenarios section adds bulk with somewhat redundant narrative descriptions. However, the core workflow commands are lean and well-structured. | 2 / 3 |
| Actionability | Every step contains fully executable, copy-paste-ready bash commands with realistic paths, flags, and options. The commands cover both dd and dcfldd with proper forensic flags (conv=noerror,sync, hash options, split options), and include concrete examples for compressed images, split images, and verification. | 3 / 3 |
| Workflow Clarity | The 6-step workflow is clearly sequenced from device identification through write protection, documentation, acquisition, verification, and reporting. It includes explicit validation checkpoints: pre-hashing the source, post-hashing the image, diffing hashes, re-hashing the source to confirm no changes, and error logging. The feedback loop of hash comparison is well-defined. | 3 / 3 |
| Progressive Disclosure | The content is a monolithic document with no references to external files for advanced topics. The Key Concepts table, Tools & Systems table, Common Scenarios, and Output Format sections could be split into separate reference files. For a skill of this length (~150+ lines of content), better progressive disclosure with linked references would improve organization. | 2 / 3 |
| Total | | 10 / 12 (Passed) |

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 (Passed) |

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed