CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-android-malware-with-apktool

Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.

52

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

47%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill body is concise and well-sequenced but falls short on actionability and discovery: it contains no executable commands in the main body and never references the bundled agent.py or api-reference.md files that hold the real implementation.

Suggestions

Add a concrete runnable example in the body, e.g. `python scripts/agent.py sample.apk full` with a snippet of expected output, so the core steps are copy-paste ready.

Explicitly link the bundle files — e.g. 'See [references/api-reference.md](references/api-reference.md) for function details and [scripts/agent.py](scripts/agent.py) for the runnable agent.'

Add a validation/sanity-check step to the workflow, such as confirming the APK parses cleanly and reviewing the risk score before reporting, to introduce an explicit feedback loop.

DimensionReasoningScore

Conciseness

The body is lean and efficient: short Overview, bullet prerequisites, a numbered 7-step list, and a compact Expected Output section with no padding or explanation of concepts Claude already knows.

3 / 3

Actionability

The body itself gives no executable code or commands — steps like 'Parse APK with androguard' and 'Scan for suspicious API calls' are abstract descriptions rather than copy-paste-ready instructions, even though the runnable code lives in scripts/agent.py and references/api-reference.md.

1 / 3

Workflow Clarity

The seven steps are clearly sequenced, but there are no validation checkpoints or error-recovery feedback loops for a destructive/batch-style analysis pipeline, which caps workflow clarity at 2.

2 / 3

Progressive Disclosure

Bundle files (references/api-reference.md, scripts/agent.py) exist and are real, but the SKILL.md body never signals or links to them, so the overview-to-detail navigation the rubric rewards is missing.

2 / 3

Total

8

/

12

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and distinctive with concrete, multi-tool actions, but it omits an explicit 'Use when...' trigger clause and relies on somewhat formal rather than natural user phrasing.

Suggestions

Add an explicit trigger clause, e.g. 'Use when analyzing a suspicious Android .apk file, decompiling malware, or recovering Java source from an APK.'

Include natural user-facing terms like '.apk files', 'decompile Android app', and 'reverse engineer APK' alongside the technical terminology.

DimensionReasoningScore

Specificity

Lists multiple concrete actions across three distinct tools: 'decompilation' via apktool, 'Java source recovery' via jadx, and 'permission analysis, manifest inspection, and suspicious API call detection' via androguard.

3 / 3

Completeness

It clearly states what the skill does but lacks an explicit 'Use when...' trigger clause, so the 'when should Claude use it' half is only implied — which caps completeness at 2 per the guidelines.

2 / 3

Trigger Term Quality

Contains relevant terms like 'Android APK malware samples', 'permission analysis', and 'manifest inspection', but uses formal phrasing rather than the natural keywords a user would say (e.g. 'reverse engineer an APK', 'decompile Android app'), and omits common variations like '.apk files'.

2 / 3

Distinctiveness Conflict Risk

The narrow niche of static analysis of Android APK malware with named tools (apktool, jadx, androguard) gives it distinct triggers unlikely to conflict with other skills.

3 / 3

Total

10

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.