CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-api-gateway-access-logs

Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass, credential scanning, and injection attempts. Uses pandas for statistical analysis of request patterns and anomaly detection. Use when investigating API abuse or building API-specific threat detection rules.

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A concise, actionable body with executable code and a clear pattern list, but it functions more as a catalog than a sequenced workflow and fails to reference the rich bundle files that contain the real implementation depth. Tightening boilerplate and adding explicit links to the reference and script would lift it.

Suggestions

Add explicit navigation to the bundle: link scripts/agent.py as the full runnable implementation and references/api-reference.md for log fields, the OWASP API Top-10 detection table, and injection regex patterns.

Collapse or remove the redundant 'When to Use' section (it repeats the description) and trim generic 'Prerequisites' items so every token earns its place.

Provide a short sequenced workflow (load logs -> run detectors -> aggregate findings -> validate/sanity-check thresholds) with a validation checkpoint before reporting, since this is a batch analysis task.

DimensionReasoningScore

Conciseness

The body is mostly lean and avoids explaining concepts Claude knows, but the 'When to Use' section duplicates the description's triggers and 'Prerequisites' items like 'Familiarity with security operations concepts and tools' are generic boilerplate that could be tightened.

2 / 3

Actionability

Provides two fully executable, copy-paste pandas snippets (BOLA detection and 401-surge credential scanning) plus a specific numbered list of detection patterns, matching the 'Fully executable code/commands' anchor.

3 / 3

Workflow Clarity

The body reads as a pattern catalog rather than a sequenced workflow, and there are no validation or verification checkpoints for the analysis; the single action is only loosely sequenced.

2 / 3

Progressive Disclosure

Sections are reasonably well organized, but the body never signals or links to the substantial bundle files that exist (references/api-reference.md and scripts/agent.py), so the available deeper material is undiscoverable from the overview.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, third-person description that concisely states concrete capabilities and provides an explicit 'Use when' trigger with natural keywords. It clearly communicates both what the skill does and when to invoke it, with low conflict risk.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'detect BOLA/IDOR attacks, rate limit bypass, credential scanning, and injection attempts' — rather than vague language, matching the 'Lists multiple specific concrete actions' anchor.

3 / 3

Completeness

Explicitly answers both what ('Parses API Gateway access logs... to detect...') and when ('Use when investigating API abuse or building API-specific threat detection rules'), satisfying the explicit-trigger anchor.

3 / 3

Trigger Term Quality

Includes natural analyst-facing terms ('API abuse', 'API-specific threat detection rules', 'API Gateway access logs') alongside the explicit 'Use when' trigger, giving good coverage of terms users would actually say.

3 / 3

Distinctiveness Conflict Risk

The API-gateway-access-log security niche with distinct triggers ('API abuse', 'API-specific threat detection rules') is unlikely to collide with other skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.