analyzing-android-malware-with-apktool
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.
61
52%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-android-malware-with-apktool/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, technically specific description that clearly identifies the domain (Android APK malware analysis), the tools used, and the concrete actions performed. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The specificity and distinctiveness are excellent.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks to analyze an Android APK, reverse engineer a mobile app, or investigate potential Android malware.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'decompilation', 'Java source recovery', 'permission analysis', 'manifest inspection', and 'suspicious API call detection', along with specific tools (apktool, jadx, androguard). | 3 / 3 |
Completeness | Clearly answers 'what does this do' with detailed capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance, which caps this dimension at 2 per the rubric guidelines. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords a user would say: 'Android APK', 'malware', 'static analysis', 'decompilation', 'permission analysis', 'manifest inspection', plus specific tool names (apktool, jadx, androguard) that users familiar with the domain would reference. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche combining Android APK malware analysis with specific tools; very unlikely to conflict with other skills given the narrow domain of mobile malware reverse engineering. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads as a high-level outline or table of contents rather than actionable guidance. It completely lacks executable code examples (no androguard Python snippets, no apktool commands, no jadx usage), which is critical for a technical analysis skill. The steps describe what to do at a conceptual level but provide no concrete implementation that Claude could follow or adapt.
Suggestions
Add executable Python code examples using androguard for each major step (e.g., parsing the APK, extracting permissions, scanning for suspicious API calls), so Claude can actually perform the analysis.
Include concrete shell commands for apktool decompilation (e.g., `apktool d sample.apk -o output_dir`) and jadx usage (e.g., `jadx -d src_output sample.apk`).
Add validation checkpoints, such as verifying the APK was successfully parsed, checking that decompilation produced expected output directories, and validating the final JSON report structure.
Remove the generic 'When to Use' section and instead provide a concrete example showing sample input (an APK) and expected JSON output structure with specific fields and values.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content has some unnecessary filler (e.g., the 'When to Use' section with generic SOC analyst bullets adds little value for Claude, and the overview explains what static analysis is). However, it's not excessively verbose overall. | 2 / 3 |
Actionability | The skill provides no executable code, no concrete commands, and no specific examples. The 'Steps' section reads as a high-level description of what to do rather than how to do it—no androguard API calls, no apktool commands, no code snippets whatsoever. | 1 / 3 |
Workflow Clarity | While steps are listed in sequence, they lack any concrete commands, validation checkpoints, or error handling. There is no feedback loop for verifying results, and the steps are too abstract to guide execution of a multi-step analysis process. | 1 / 3 |
Progressive Disclosure | The content is organized into clear sections (Overview, Prerequisites, Steps, Expected Output), which provides some structure. However, there are no references to external files for detailed guidance, and the content is neither a concise overview pointing elsewhere nor a complete standalone guide. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
888bbe4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.