CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-bootkit-and-rootkit-samples

Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record (VBR), or UEFI firmware to gain persistence below the operating system. Covers boot sector analysis, UEFI module inspection, and anti-rootkit detection techniques. Activates for requests involving bootkit analysis, MBR malware investigation, UEFI persistence analysis, or pre-OS malware detection.

70

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with concrete commands and a clear stepwise workflow, but it is padded with concept explanations Claude already knows and does not surface its existing bundle references. Workflow validation checkpoints and bundle navigation are the main weak spots.

Suggestions

Remove or shrink the Key Concepts table (MBR, UEFI, Secure Boot, SPI Flash, DKOM, DSE definitions) since Claude already knows these, keeping only skill-specific nuance.

Add explicit validation checkpoints to destructive/risky steps (e.g. verify dd image hash before analysis; confirm firmware dump integrity before reflashing; validate-and-retry loops).

Link the existing references/api-reference.md and scripts/agent.py from the body (e.g. a '## API reference' / '## Helper script' section) so the bundle is discoverable and the inline command detail can be trimmed.

DimensionReasoningScore

Conciseness

Mostly efficient with executable code, but the Key Concepts table re-explains notions Claude already knows (full definitions of MBR, UEFI, Secure Boot, SPI Flash, DKOM, DSE) and the inline detection-point and output blocks could be trimmed.

2 / 3

Actionability

Provides fully executable dd/ndisasm/UEFITool/chipsec/Volatility commands plus a runnable Python MBR-parsing snippet and a concrete report template, all copy-paste ready.

3 / 3

Workflow Clarity

The six steps are clearly sequenced, but validation checkpoints are implicit (e.g. no explicit verify-then-proceed loop after dd acquisition or before reflashing), and these risky/destructive operations lack explicit feedback loops.

2 / 3

Progressive Disclosure

A bundle reference (references/api-reference.md) and script (scripts/agent.py) exist but are never linked or signaled from the body, and large inline blocks (UEFI detection points, output template) could live in separate files; structure exists but navigation is not surfaced.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, well-triggered, and clearly distinguishes this skill from generic malware-analysis skills. It explicitly covers both capability and activation conditions without padding.

DimensionReasoningScore

Specificity

Lists multiple concrete actions such as 'boot sector analysis, UEFI module inspection, and anti-rootkit detection techniques' rather than vague language; matches the highest anchor.

3 / 3

Completeness

Clearly answers what it does ('Analyzes bootkit and advanced rootkit malware...') and when to use it with an explicit 'Activates for requests involving...' trigger clause.

3 / 3

Trigger Term Quality

Covers natural terms a user would say ('bootkit analysis, MBR malware investigation, UEFI persistence analysis, or pre-OS malware detection'), giving good coverage of likely phrasings.

3 / 3

Distinctiveness Conflict Risk

Targets a clear niche (pre-OS / firmware-level bootkits and rootkits) with distinct triggers unlikely to collide with general malware-analysis skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.