CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-apt-group-with-mitre-navigator

Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable skill with strong executable code and a clear step sequence, weakened by explanatory prose Claude doesn't need, validation kept out of the workflow, and bundle files that exist but are not surfaced from SKILL.md.

Suggestions

Link the existing bundle files from the body — e.g. 'See references/api-reference.md for the full layer format and STIX access' and 'Use scripts/agent.py for a ready-made agent' — and move duplicated detail out of SKILL.md.

Trim the Overview and Key Concepts prose to only what is non-obvious, letting the code carry the explanation.

Add inline validation checkpoints to the workflow (e.g. verify the generated layer JSON loads in the Navigator before proceeding to gap analysis).

DimensionReasoningScore

Conciseness

The bulk is lean executable code, but the Overview and Key Concepts sections explain domain background (what Navigator layers are, that ATT&CK catalogs 140+ groups) that Claude largely already knows and could be trimmed.

2 / 3

Actionability

All five workflow steps contain complete, copy-paste-ready Python using real libraries (attackcti, stix2) with concrete output handling, matching the fully-executable anchor.

3 / 3

Workflow Clarity

Steps are clearly sequenced (Step 1–5) and a Validation Criteria section exists, but validation is a separate list rather than inline checkpoints or validate→fix→retry feedback loops within the workflow.

2 / 3

Progressive Disclosure

Bundle files references/api-reference.md and scripts/agent.py exist but are never linked or signaled from the body, and their content is largely duplicated inline; the References section lists only external URLs.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, distinctive description that clearly states capabilities using natural domain terms, but it omits an explicit 'when to use' trigger clause, leaving the completeness dimension incomplete.

Suggestions

Add a 'Use when...' clause naming concrete triggers, e.g. 'Use when analyzing an APT group's TTPs, building ATT&CK Navigator layers, or running detection gap analysis.'

DimensionReasoningScore

Specificity

The description names several concrete actions — 'Analyze... techniques', 'create layered heatmaps of adversary TTPs', 'detection gap analysis', 'threat-informed defense' — matching the multiple-specific-actions anchor.

3 / 3

Completeness

It clearly answers 'what' the skill does but lacks any 'Use when...' clause or equivalent explicit trigger guidance, which the rubric caps at 2.

2 / 3

Trigger Term Quality

It surfaces natural domain terms a user would actually say — 'APT group', 'MITRE ATT&CK Navigator', 'heatmaps', 'TTPs', 'detection gap analysis' — giving good coverage rather than jargon-only phrasing.

3 / 3

Distinctiveness Conflict Risk

The niche is narrow and distinctive — APT-group TTP analysis via ATT&CK Navigator heatmaps — making it unlikely to trigger for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.