analyzing-browser-forensics-with-hindsight
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
69
62%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-browser-forensics-with-hindsight/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity, naming concrete artifact types, specific browsers, and the tool used (Hindsight). The trigger term coverage is comprehensive for the digital forensics domain. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about browser forensics, analyzing Chrome/Edge/Brave/Opera data, recovering browsing history, or investigating web activity using Hindsight.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions' and names specific browsers (Chrome, Edge, Brave, Opera). Also names the specific tool (Hindsight). | 3 / 3 |
Completeness | Clearly answers 'what does this do' with detailed capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the forensic investigation context. Per rubric guidelines, missing 'Use when...' caps completeness at 2. | 2 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'browser artifacts', 'browsing history', 'downloads', 'cookies', 'cached content', 'autofill', 'saved passwords', 'browser extensions', 'Chrome', 'Edge', 'Brave', 'Opera', 'forensic investigation', 'Hindsight'. These are terms a forensic analyst would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche: Chromium-based browser forensics using a specific tool (Hindsight). Very unlikely to conflict with other skills given the specific domain (digital forensics), specific tool, and specific artifact types. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable content with concrete commands, code, and examples for browser forensics analysis. However, it is severely bloated—the overview explains concepts Claude already knows, the example output is excessively long, and all content is crammed into a single file rather than being progressively disclosed. The workflow lacks explicit validation checkpoints important for forensic integrity.
Suggestions
Move the browser profile locations table, artifact files table, SQL schema details, and the full Python script into separate reference files (e.g., PROFILE_PATHS.md, ARTIFACTS.md, ANALYSIS_SCRIPT.py) and link to them from the main skill.
Remove the verbose overview paragraph and 'When to Use' boilerplate—replace with a 1-2 line purpose statement that adds only what Claude wouldn't already know.
Add an explicit numbered forensic workflow with validation checkpoints: verify evidence integrity (hash check), run Hindsight, validate output completeness, correlate findings, document chain of custody.
Trim the example output block to ~10-15 lines showing the most critical output format, rather than the current ~40+ line block.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~250+ lines. The overview paragraph explains what Hindsight is and what browsers it supports—information Claude already knows or can infer. The 'When to Use' section is generic boilerplate. The extensive SQL schema comments, the massive example output block, and the full Python script all bloat the content significantly. Much of this could be condensed or moved to reference files. | 1 / 3 |
Actionability | The skill provides fully executable CLI commands, a complete Python analysis script with proper imports and main function, specific file paths, and concrete SQL queries. The code is copy-paste ready and covers multiple analysis scenarios. | 3 / 3 |
Workflow Clarity | While individual steps (running Hindsight, analyzing artifacts) are clear, there's no explicit end-to-end forensic workflow with validation checkpoints. For forensic analysis—where evidence integrity matters—there should be verification steps (e.g., hash verification of profile before analysis, validating database integrity, chain of custody considerations). The content reads more like a reference catalog than a sequenced workflow. | 2 / 3 |
Progressive Disclosure | This is a monolithic wall of text with everything inline—browser paths table, artifact files table, CLI commands, SQL schemas, a full Python script, and a massive example output block. None of this is split into separate reference files. The References section links to external URLs but doesn't organize internal content across files for progressive discovery. | 1 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
888bbe4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.