CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-golang-malware-with-ghidra

Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with two complete executable scripts, but it is verbose and monolithic: it inlines content that duplicates the bundle files and provides no navigation to them, and its workflow lacks inline validation checkpoints.

Suggestions

Replace the two large inline scripts with pointers to scripts/agent.py and the Ghidra script, keeping only a short representative excerpt in SKILL.md.

Reference the existing bundle files (e.g. "See references/api-reference.md for magic-byte tables and malware families; use assets/template.md for reports") so the detailed material is one level deep and discoverable.

Add inline validation checkpoints to the workflow (e.g. "Confirm pclntab was located before proceeding to function categorization") to turn the detached Validation Criteria into a verify-then-proceed loop.

DimensionReasoningScore

Conciseness

Mostly useful but padded: the Overview explains general Go-malware context Claude largely knows, and roughly 220 lines of inline scripts duplicate material that already lives in scripts/ and references/ bundle files.

2 / 3

Actionability

Two complete, executable scripts — a standalone Step 1 with a __main__ block and a Ghidra Step 2 — with concrete magic bytes and regex patterns, making the guidance copy-paste ready.

3 / 3

Workflow Clarity

Two steps are sequenced, but there are no inline validation checkpoints or feedback loops; the "Validation Criteria" section is a detached list rather than integrated verify-then-proceed gates.

2 / 3

Progressive Disclosure

The body has clear sections but inlines large scripts and reference tables that should be separate, while never signaling the existing bundle files in references/, scripts/, or assets/template.md.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, third-person description that names concrete actions and uses natural trigger terms within a well-scoped niche. Its only notable gap is the absence of an explicit "Use when..." clause, which limits completeness.

Suggestions

Append a trigger clause such as "Use when reverse engineering Go-compiled malware in Ghidra, or when recovering functions/strings from stripped Go binaries" to satisfy the completeness "when" requirement.

Add a couple of natural variation terms (e.g. "Golang", "Go binary") to broaden trigger coverage beyond "Go-compiled".

DimensionReasoningScore

Specificity

Names multiple concrete actions — "function recovery, string extraction, and type reconstruction" — against a specific domain and tool, matching the anchor for listing multiple specific concrete actions.

3 / 3

Completeness

Clearly answers what the skill does but lacks any "Use when..." trigger clause; per the guidelines a missing explicit trigger caps completeness at 2.

2 / 3

Trigger Term Quality

Uses natural terms an analyst would say ("Go-compiled malware", "Ghidra", "stripped Go binaries", "reverse engineer") rather than abstract jargon, giving good coverage.

3 / 3

Distinctiveness Conflict Risk

The narrow niche (Go-compiled malware analyzed with Ghidra in stripped binaries) is distinct and unlikely to trigger for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.