
analyzing-browser-forensics-with-hindsight

Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.

69

Quality: 62% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Critical. Do not install without reviewing

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/analyzing-browser-forensics-with-hindsight/SKILL.md

Quality

Discovery

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description with excellent specificity, naming the tool (Hindsight), concrete artifact types, and supported browsers. The trigger terms are comprehensive and natural for the forensic analysis domain. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks to analyze browser data, investigate web activity, perform browser forensics, or mentions Hindsight, Chrome history, or Chromium artifacts.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions' across specific browsers 'Chrome, Edge, Brave, and Opera'. Also names the specific tool 'Hindsight'. | 3 / 3 |
| Completeness | The 'what' is thoroughly covered with specific actions and supported browsers, but there is no explicit 'Use when...' clause or equivalent trigger guidance. The purpose ('for forensic investigation') is implied but not framed as an explicit trigger condition. Per rubric guidelines, missing 'Use when...' caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'browser artifacts', 'browsing history', 'downloads', 'cookies', 'cached content', 'autofill', 'saved passwords', 'browser extensions', 'Chrome', 'Edge', 'Brave', 'Opera', 'Hindsight', 'forensic investigation', 'Chromium'. These are terms a forensic analyst would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Chromium-based browser forensics using the specific tool 'Hindsight'. The combination of browser artifact types, specific browser names, and forensic context makes it very unlikely to conflict with other skills. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Implementation

42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides highly actionable, concrete guidance with executable code and specific commands, which is its primary strength. However, it is severely bloated — the overview explains things Claude already knows, the example output is excessively long, and the entire content is a monolithic document that should be split across multiple files. The forensic workflow lacks explicit validation checkpoints (evidence integrity verification, read-only access confirmation) that are critical for this domain.

Suggestions

Reduce the overview to 1-2 sentences and remove explanations of what Hindsight is and what Chromium browsers exist — Claude already knows this.

Extract the Python analysis script, SQL schema details, and browser profile location tables into separate referenced files (e.g., ANALYSIS_SCRIPT.md, ARTIFACT_SCHEMAS.md, PROFILE_PATHS.md).

Add an explicit numbered workflow with validation checkpoints: verify evidence integrity (hashing), ensure read-only access, run Hindsight, validate output, then analyze — with error recovery steps.

Trim the example output block to ~10-15 lines showing the key structure rather than the current ~40+ lines of simulated forensic data.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is extremely verbose at ~250+ lines. It explains what Hindsight is, what browsers it supports, what artifacts exist, SQL schemas Claude already knows, and includes a massive example output block and a full Python script that largely duplicates Hindsight's own functionality. The overview paragraph alone is unnecessarily long and descriptive. | 1 / 3 |
| Actionability | The skill provides fully executable CLI commands, a complete Python analysis script with proper imports and main function, specific file paths, and concrete SQL queries. Everything is copy-paste ready and includes real command-line flags and options. | 3 / 3 |
| Workflow Clarity | While individual steps are clear (run Hindsight, analyze output), there's no explicit workflow sequence tying the steps together with validation checkpoints. For forensic analysis involving evidence integrity, there should be verification steps (e.g., hash verification of evidence, read-only mounting) and a clear sequential process. The steps are presented as independent sections rather than a guided workflow. | 2 / 3 |
| Progressive Disclosure | This is a monolithic wall of text with everything inline — browser profile locations, artifact file tables, SQL schemas, a full Python script, CLI examples, and a massive example output block. None of this is split into referenced files. The Python script alone could be a separate file, and the artifact details and example output could be in supplementary documents. | 1 / 3 |
| Total | | 7 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 |

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed
