acquiring-disk-image-with-dd-and-dcfldd
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.
83
80%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/acquiring-disk-image-with-dd-and-dcfldd/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, specific description that clearly identifies a niche forensic disk imaging capability with concrete tools and actions. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The domain-specific terminology serves as effective natural trigger terms.
Suggestions
Add a 'Use when...' clause, e.g., 'Use when the user needs to create forensic disk images, clone drives for evidence preservation, or mentions dd, dcfldd, or forensic imaging.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'bit-for-bit disk images', 'using dd and dcfldd', 'preserving evidence integrity', 'hash verification'. These are concrete, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers 'what does this do' (create forensically sound disk images using dd/dcfldd with hash verification), but lacks an explicit 'Use when...' clause specifying when Claude should select this skill. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords a user would say: 'disk images', 'dd', 'dcfldd', 'forensically sound', 'bit-for-bit', 'hash verification', 'evidence integrity'. These cover the forensic imaging domain well with both tool names and domain terminology. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche combining digital forensics, specific tools (dd, dcfldd), disk imaging, and evidence integrity. Very unlikely to conflict with other skills due to the specialized forensic focus. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable forensic disk imaging skill with excellent workflow clarity and explicit validation checkpoints at every critical stage. Its main weaknesses are verbosity from reference tables and scenario descriptions that Claude doesn't need inline, and a monolithic structure that could benefit from progressive disclosure via external reference files. The core workflow commands are exemplary in their specificity and forensic rigor.
Suggestions
Move the Key Concepts and Tools & Systems tables to a separate REFERENCE.md file and link to it, as Claude already understands these concepts.
Trim or remove the Common Scenarios section—the workflow steps already demonstrate these use cases through their executable examples.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary content like the Key Concepts and Tools & Systems tables that explain things Claude already knows (what a write blocker is, what SHA-256 does, what dd is). The Common Scenarios section adds bulk with somewhat redundant narrative descriptions. However, the core workflow commands are lean and well-structured. | 2 / 3 |
Actionability | Every step provides fully executable, copy-paste-ready bash commands with specific flags, paths, and options. The commands cover multiple real scenarios (basic dd, dcfldd with hashing, split images, compressed images, remote acquisition) and include concrete output expectations. | 3 / 3 |
Workflow Clarity | The 6-step workflow is clearly sequenced from device identification through write protection, documentation, acquisition, verification, and final reporting. Explicit validation checkpoints are present: pre-hashing source, post-hashing image, diff comparison of hashes, re-hashing source to confirm no changes, and error logging throughout. The feedback loop of verify-then-proceed is well established. | 3 / 3 |
Progressive Disclosure | The content is a monolithic document with no references to external files for advanced topics. The Key Concepts table, Tools & Systems table, Common Scenarios, and Output Format sections could be split into separate reference files. The document is quite long and would benefit from a concise overview pointing to detailed materials. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
c15f73d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.