analyzing-browser-forensics-with-hindsight
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
55
62%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-browser-forensics-with-hindsight/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity, naming the tool (Hindsight), listing seven distinct artifact types, and four specific browsers. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill over others. Adding trigger guidance would elevate this from good to excellent.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about browser forensics, recovering browsing history, analyzing Chrome/Edge/Brave/Opera data, or mentions Hindsight.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions' across specific browsers (Chrome, Edge, Brave, Opera) using a named tool (Hindsight). | 3 / 3 |
Completeness | Clearly answers 'what does this do' with detailed capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The purpose ('forensic investigation') is mentioned but when to select this skill is only implied. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'browsing history', 'downloads', 'cookies', 'cached content', 'autofill', 'saved passwords', 'browser extensions', 'Chrome', 'Edge', 'Brave', 'Opera', 'forensic investigation', 'Hindsight', and 'browser artifacts'. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Chromium-based browser forensics using the specific tool 'Hindsight'. Unlikely to conflict with other skills due to the specialized domain and named tool. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable content with executable code and concrete commands, but suffers from severe verbosity and poor organization. The monolithic structure dumps everything—profile paths, artifact tables, SQL schemas, a full Python script, and lengthy example output—into one file without progressive disclosure. For a forensic investigation skill involving evidence handling, the lack of a clear sequential workflow with validation checkpoints is a notable gap.
Suggestions
Extract the Python analysis script, SQL schema details, and example output into separate referenced files (e.g., ANALYSIS_SCRIPT.md, SCHEMAS.md, EXAMPLES.md) to improve progressive disclosure.
Trim the overview paragraph to 1-2 sentences and remove explanations of what Hindsight is and what Chromium browsers exist—Claude already knows this.
Add an explicit numbered workflow with validation steps: 1) Verify evidence integrity (hash), 2) Copy profile to working directory, 3) Run Hindsight, 4) Validate output completeness, 5) Review flagged artifacts.
Remove the lengthy example output block or move it to a separate EXAMPLES.md file—it consumes significant tokens without adding instructional value.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~200+ lines. It explains what Hindsight is, what browsers it supports, and what artifacts exist—all things Claude already knows. The overview paragraph is a wall of text restating the description. The SQL schema comments, extensive example output, and the full Python script bloat the content significantly. The artifact files table and browser profile locations table, while useful, could be much more compact. | 1 / 3 |
Actionability | The skill provides fully executable CLI commands for Hindsight, a complete runnable Python script with proper imports and main function, specific file paths, and concrete SQL queries. The code is copy-paste ready with real database schemas and Chrome timestamp conversion logic. | 3 / 3 |
Workflow Clarity | While the skill provides multiple analysis approaches (CLI, Web UI, Python script), there is no clear sequential workflow with validation checkpoints. For forensic analysis involving evidence integrity, there should be explicit steps for evidence preservation, hash verification, and validation of outputs. The steps are presented as independent options rather than a guided process. | 2 / 3 |
Progressive Disclosure | Everything is crammed into a single monolithic file with no references to supporting files. The Python analysis script (~80 lines), SQL schemas, extensive example output, and reference tables could all be split into separate files. There are no bundle files to support progressive disclosure, and the content doesn't attempt to organize into overview vs. detail layers. | 1 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
0f429d0
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.