analyzing-browser-forensics-with-hindsight
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
51
56%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-browser-forensics-with-hindsight/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity, listing concrete artifact types, supported browsers, and the specific tool used. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill. The domain is niche enough that conflict risk is minimal.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about browser forensics, recovering browsing data, analyzing Chrome/Edge/Brave/Opera artifacts, or mentions Hindsight.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions' and names specific browsers (Chrome, Edge, Brave, Opera). Also names the specific tool (Hindsight). | 3 / 3 |
Completeness | Clearly answers 'what does this do' with detailed capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The purpose ('forensic investigation') is mentioned but when to select this skill over others is only implied, not explicitly stated. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'browsing history', 'downloads', 'cookies', 'cached content', 'autofill', 'saved passwords', 'browser extensions', 'Chrome', 'Edge', 'Brave', 'Opera', 'forensic investigation', 'Hindsight', and 'Chromium'. These cover a wide range of terms a forensic analyst would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Chromium-based browser forensic artifact analysis using a specific tool (Hindsight). Very unlikely to conflict with other skills given the specialized domain and named tool. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
29%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable content with concrete commands, code, and examples for browser forensics analysis. However, it suffers from significant verbosity (explaining what Hindsight is, extensive example output), lacks a clear investigative workflow with validation checkpoints critical for forensic work, and dumps all content into a single monolithic file without progressive disclosure or supporting bundle files.
Suggestions
Add a clear numbered workflow (e.g., 1. Acquire profile → 2. Verify integrity → 3. Run Hindsight → 4. Validate output → 5. Analyze timeline) with explicit validation checkpoints at each stage, especially hash verification for forensic integrity.
Move the full Python analysis script and detailed artifact file tables into separate bundle files (e.g., scripts/analyze_chrome.py and ARTIFACTS.md) and reference them from the main SKILL.md.
Remove the overview paragraph explaining what Hindsight is and what Chromium browsers are—Claude already knows this. Cut the example output to ~10 lines showing just the key forensic indicators.
Trim the SQL schema comments to just the conversion formula and key field names, removing the full column listings that Claude can discover from the database itself.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~250+ lines. The overview paragraph explains what Hindsight is and what it does (information Claude already knows or can infer). The extensive SQL schema comments, the full Python script, and the lengthy example output all consume significant tokens. The artifact files table and browser profile locations table, while useful, could be more compact. Much content is redundant with what Hindsight itself documents. | 1 / 3 |
Actionability | The skill provides fully executable CLI commands for running Hindsight, a complete Python analysis script with proper imports and main function, specific file paths for browser profiles, and concrete SQL queries. All code is copy-paste ready and includes real parameters. | 3 / 3 |
Workflow Clarity | There is no clear sequential workflow for conducting a forensic investigation. The content presents reference material (tables, code snippets, example output) but lacks a step-by-step process with validation checkpoints. For forensic analysis—a domain where evidence integrity and verification are critical—there are no validation steps, no chain-of-custody considerations, and no error recovery guidance. | 1 / 3 |
Progressive Disclosure | The content is a monolithic wall of text with no bundle files to reference. Everything is inline—profile paths, artifact details, a full Python script, SQL schemas, and lengthy example output—all in a single file with no separation of concerns. The Python script alone could be a separate referenced file, and the detailed artifact tables could be in a reference document. | 1 / 3 |
Total | 6 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
0445030
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.