analyzing-android-malware-with-apktool
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.
48
52%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-android-malware-with-apktool/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, highly specific description that clearly identifies the domain (Android APK malware analysis), concrete actions (decompilation, source recovery, permission analysis, manifest inspection, API call detection), and specific tools. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill.
Suggestions
Add a 'Use when...' clause such as 'Use when the user asks to analyze an Android APK, reverse engineer a mobile app, inspect APK permissions, or investigate potential Android malware.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'decompilation', 'Java source recovery', 'permission analysis', 'manifest inspection', and 'suspicious API call detection', along with specific tools (apktool, jadx, androguard). | 3 / 3 |
Completeness | Clearly answers 'what does this do' with detailed capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance, which caps this dimension at 2 per the rubric guidelines. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords a user would say: 'Android', 'APK', 'malware', 'static analysis', 'decompilation', 'permissions', 'manifest', plus specific tool names (apktool, jadx, androguard) that users familiar with the domain would reference. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche combining Android APK malware analysis with specific tools; very unlikely to conflict with other skills given the narrow domain of mobile malware reverse engineering. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads as a high-level outline or table of contents rather than an actionable skill. It names the right tools (androguard, apktool, jadx) and describes a reasonable analysis workflow, but provides zero executable code, no CLI commands, no example output, and no validation steps. Claude would not be able to follow this skill to produce a malware analysis report without relying entirely on its own prior knowledge, which defeats the purpose of a skill file.
Suggestions
Add executable Python code examples for each major step, especially androguard API usage for parsing the APK, extracting permissions, and scanning for suspicious API calls.
Include concrete CLI commands for apktool (e.g., `apktool d sample.apk -o output_dir`) and jadx (e.g., `jadx -d src_output sample.apk`) with expected output descriptions.
Add validation checkpoints after key steps, such as verifying the APK was successfully decompiled, checking that the manifest was parsed correctly, and validating the output JSON schema.
Replace the generic 'When to Use' section with a concrete example showing sample input (an APK) and expected output (a JSON report with specific fields), making the skill immediately actionable.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The 'When to Use' section is generic boilerplate that adds no value (e.g., 'When SOC analysts need structured procedures for this analysis type'). The overview explains what static analysis is, which Claude already knows. However, the steps and prerequisites are reasonably concise. | 2 / 3 |
Actionability | There is no executable code, no concrete commands, no example scripts, and no specific tool invocations. The steps are entirely descriptive ('Parse APK with androguard to extract manifest metadata') without showing how to do any of it. For a skill involving apktool, jadx, and androguard, the absence of any code or CLI commands is a critical gap. | 1 / 3 |
Workflow Clarity | The steps are listed as a numbered sequence but lack any validation checkpoints, error handling, or feedback loops. There's no guidance on what to do if parsing fails, no verification that decompilation succeeded, and no concrete commands to execute at each step. For a multi-step analysis workflow involving potentially malformed malware samples, this is insufficient. | 1 / 3 |
Progressive Disclosure | The content is organized into clear sections (Overview, When to Use, Prerequisites, Steps, Expected Output), which provides basic structure. However, there are no bundle files or references to supporting materials, and the content that exists is too thin to warrant splitting. The inline content itself lacks the depth that would benefit from progressive disclosure. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
0445030
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.