CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-linux-system-artifacts

Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill is highly actionable with executable forensic commands, but it loses points on conciseness for re-teaching known concepts and on workflow/progressive-disclosure for lacking validation checkpoints and not linking its own bundle files.

Suggestions

Trim the 'Key Concepts' and 'Tools & Systems' tables down to only non-obvious specifics, or move them into references/api-reference.md and link from the body.

Add validation checkpoints to the collection workflow (e.g., verify the read-only mount, hash collected artifacts and compare against a baseline) to satisfy the feedback-loop requirement for batch operations.

Reference the existing bundle files from the body (e.g., 'See references/api-reference.md for full tool syntax and artifact locations') instead of keeping everything inline.

DimensionReasoningScore

Conciseness

The body is mostly lean executable commands, but the 'Key Concepts' and 'Tools & Systems' tables re-explain concepts Claude already knows (SUID bit, auth.log purpose, chkrootkit/rkhunter), so it could be tightened.

2 / 3

Actionability

Provides fully executable bash and Python snippets with concrete paths and copy-paste-ready commands rather than pseudocode or vague direction.

3 / 3

Workflow Clarity

Steps 1-5 are clearly sequenced, but the batch evidence-collection workflow lacks validation/integrity-verification checkpoints (e.g., confirming collection succeeded or hashing collected evidence), so it is capped at 2.

2 / 3

Progressive Disclosure

Sections are organized, but the body is monolithic and never signals the existing references/api-reference.md or scripts/agent.py bundle files, leaving content that could be split referenced only implicitly.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, distinctive, and uses natural trigger terms, but it omits an explicit 'Use when...' clause so its completeness is capped at 2.

Suggestions

Append an explicit 'Use when...' clause naming trigger situations (e.g., 'Use when investigating a compromised Linux host, looking for persistence, or tracing user activity through logs and shell history').

Add common variation terms like 'incident response', 'forensics', and 'persistence detection' to broaden natural trigger coverage.

DimensionReasoningScore

Specificity

Lists multiple concrete actions ('Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity') matching the top anchor.

3 / 3

Completeness

Clearly states what it does but lacks an explicit 'Use when...' trigger clause, so the 'when' is only implied and completeness is capped at 2 per the guidelines.

2 / 3

Trigger Term Quality

Uses natural terms an incident-response user would say ('auth logs', 'cron jobs', 'shell history', 'compromise', 'unauthorized activity'), giving good coverage rather than jargon.

3 / 3

Distinctiveness Conflict Risk

Targets a clear Linux-forensics niche with distinct triggers, making it unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.