CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-linux-elf-malware

Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware, and rootkits targeting Linux servers, containers, and cloud infrastructure. Covers static analysis, dynamic tracing, and reverse engineering of x86_64 and ARM ELF samples. Activates for requests involving Linux malware analysis, ELF binary investigation, Linux server compromise assessment, or container malware analysis.

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with executable commands at every step, but it spends tokens restating known concepts, omits validation checkpoints in its risky malware-execution workflow, and leaves its reference/scripts bundle files orphaned. Tightening these would raise the lower dimensions.

Suggestions

Trim or remove the 'Key Concepts' table and 'Tools & Systems' descriptions, which restate ELF/strace/Ghidra basics Claude already knows; keep only skill-specific gotchas.

Add explicit validation/safety checkpoints in the dynamic-analysis steps (e.g., confirm sandbox isolation before strace/ltrace, verify observed behavior against expected before proceeding).

Link the existing references/api-reference.md and scripts/agent.py from the body (e.g., a 'References' section) and move the large inline Output Format / Scenarios detail there, turning SKILL.md into a lean overview.

DimensionReasoningScore

Conciseness

The workflow code is lean, but the 'Key Concepts' table (defining ELF, strace, LD_PRELOAD, GOT/PLT) and 'Tools & Systems' section restate concepts and tools Claude already knows, so the body could be tightened.

2 / 3

Actionability

Provides fully executable bash (readelf/strace/objdump), Python (pyelftools entropy analysis), and GDB commands plus concrete Ghidra steps — copy-paste ready and specific.

3 / 3

Workflow Clarity

Steps 1–6 are clearly sequenced, but the workflow lacks explicit validation/feedback checkpoints for the risky act of executing malware; per the rubric, missing validation for destructive/risky operations caps this at 2.

2 / 3

Progressive Disclosure

The body is monolithic (~315 lines with Key Concepts, Tools, Scenarios, and Output Format all inline) and never signals the existing bundle files (references/api-reference.md, scripts/agent.py), so references are present but unlinked and content that should be split is inline.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is third-person, concrete, and well-scoped, with explicit activation triggers and a distinct Linux ELF malware niche. It cleanly satisfies all four dimensions.

DimensionReasoningScore

Specificity

Lists multiple concrete actions ('static analysis, dynamic tracing, and reverse engineering') and specific target classes ('botnets, cryptominers, ransomware, and rootkits'), matching the 'lists multiple specific concrete actions' anchor.

3 / 3

Completeness

Explicitly answers both 'what' ('Analyzes malicious Linux ELF... binaries') and 'when' via the trigger clause 'Activates for requests involving...', satisfying the explicit-what-and-when anchor.

3 / 3

Trigger Term Quality

Covers natural user phrasing such as 'Linux malware analysis, ELF binary investigation, Linux server compromise assessment, or container malware analysis' — terms a user would naturally say when needing this skill.

3 / 3

Distinctiveness Conflict Risk

A clear Linux-ELF-malware niche with distinct triggers, and the body's 'Do not use for Windows PE' boundary further reduces conflict with other analysis skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.