CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-certificate-transparency-for-phishing

Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.

56

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill is highly actionable with complete executable code and a clear step sequence, but it explains background concepts Claude already knows and fails to link its existing bundle files. Tightening concept explanations and wiring up the references would improve token efficiency and navigation.

Suggestions

Trim the 'Key Concepts' explanations of what CT logs and crt.sh are, keeping only domain-specific insight Claude lacks, and move detailed API tables/examples to references/api-reference.md.

Add explicit validation checkpoints between workflow steps (e.g. verify crt.sh returned results before analysis, confirm Certstream connected before alerting) with fix-retry guidance.

Link the bundle files from the body — e.g. an '## API Reference' pointer to references/api-reference.md and a usage note for scripts/agent.py — so the monolithic inline content is split into one-level-deep references.

Fix the small code bugs that hurt executability (import tldextract in Step 2; correct the crt.sh 'exclude=expired' parameter) so the code is truly copy-paste ready.

DimensionReasoningScore

Conciseness

The body is mostly executable code with brief framing, but the Overview and 'Key Concepts' sections re-explain background that Claude already knows (what Certificate Transparency is, what crt.sh is), adding unnecessary context that keeps it from being fully lean.

2 / 3

Actionability

Four complete, executable Python blocks (crt.sh query, Certstream monitoring, subdomain enumeration, report generation) plus concrete curl/bash examples make the guidance copy-paste ready rather than vague or pseudocode.

3 / 3

Workflow Clarity

A clear four-step sequence and a Validation Criteria section exist, but there are no inline validation checkpoints or fix-retry feedback loops between steps, and these batch/automation operations warrant them.

2 / 3

Progressive Disclosure

The body has well-organized sections, but a real bundle file (references/api-reference.md) and scripts/agent.py are never linked or signaled from SKILL.md, and the inline code/API detail that could live in those references is kept inline rather than split out.

2 / 3

Total

9

/

12

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and occupies a clear, distinctive niche, but it omits an explicit 'when to use' trigger clause and lacks breadth of natural trigger terms a user would say. Adding a 'Use when...' clause with common phrasing variations would lift completeness and trigger-term quality.

Suggestions

Append an explicit trigger clause, e.g. 'Use when monitoring for phishing or lookalike domains, investigating brand-impersonation certificates, or validating CT-log detection coverage.'

Add natural user phrasing variations such as 'phishing detection', 'lookalike domains', 'SSL certificate monitoring', and 'brand protection' to broaden trigger-term coverage.

Keep the third-person voice but restructure so the 'what' and 'when' are both explicit and concise in a single sentence.

DimensionReasoningScore

Specificity

The description lists multiple concrete actions — 'Monitor Certificate Transparency logs', 'detect phishing domains', 'lookalike certificates', and 'unauthorized certificate issuance' — matching the anchor for listing several specific actions rather than a single domain-and-action statement.

3 / 3

Completeness

It clearly states what the skill does, but lacks any explicit 'Use when...' trigger clause telling Claude when to invoke it; per the guidelines, a missing explicit trigger caps completeness at 2.

2 / 3

Trigger Term Quality

It includes relevant terms like 'phishing domains', 'lookalike certificates', and 'certificate issuance', but omits common natural variations a user would actually say such as 'phishing detection', 'SSL certificate monitoring', or 'brand protection', so coverage is partial rather than broad.

2 / 3

Distinctiveness Conflict Risk

The CT-log phishing niche tied to crt.sh and Certstream is specific and clearly distinguishable from generic threat-intelligence skills, making it unlikely to trigger for the wrong skill.

3 / 3

Total

10

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

relative_links

Relative link issues: 1 missing

Warning

Total

14

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.