CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-malicious-url-with-urlscan

URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat

52

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill delivers a usable 4-step URLScan workflow with one concrete API example, but most steps are descriptive rather than executable and the provided reference/script/asset bundle is largely ignored in favor of inline content. Validation is documented separately rather than woven into the workflow as checkpoints.

Suggestions

Make Steps 2–4 actionable by showing concrete commands or script invocations (e.g. how to invoke scripts/process.py to extract IOCs and cross-reference threat-intel sources) instead of descriptive bullets.

Link the existing bundle files from the body — point the API details to references/api-reference.md, standards to references/standards.md, and procedures to references/workflows.md — so inline content can move out of SKILL.md.

Integrate validation as explicit checkpoints inside the workflow (e.g. 'After submitting, confirm the scan completed before extracting IOCs') rather than only as a trailing checklist.

DimensionReasoningScore

Conciseness

The body is mostly efficient, but the 'Phishing URL Red Flags' list (newly registered domains, URL shorteners, free hosting) restates general phishing knowledge Claude already has, and the Overview duplicates the frontmatter description.

2 / 3

Actionability

Step 1 provides a copy-paste-ready API call (endpoint, header, JSON body), but Steps 2–4 are descriptive bullets ('Review screenshot', 'Examine DOM') with no executable commands, leaving the guidance incomplete.

2 / 3

Workflow Clarity

A 4-step sequence is present and a separate Validation section exists, but validation checkpoints are not integrated into the workflow as feedback loops, so steps are listed with implicit rather than explicit checkpoints.

2 / 3

Progressive Disclosure

The body is section-organized and references scripts/process.py (a real file), but references/api-reference.md, references/standards.md, references/workflows.md, scripts/agent.py, and assets/template.md are never linked while inline content (the API example, Tools & Resources) could live in those files.

2 / 3

Total

8

/

12

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and clearly niched to URLScan.io, but it lacks an explicit 'when to use' trigger clause and is cut off mid-sentence, capping completeness. Trigger-term coverage is adequate but omits common user phrasings.

Suggestions

Add an explicit trigger clause, e.g. 'Use when analyzing a suspicious or phishing URL, checking whether a link is safe, or investigating a credential-harvesting page.'

Include natural user phrasings such as 'phishing URL', 'malicious link', and 'is this link safe' alongside 'suspicious URLs'.

Fix the truncated description so it ends with a complete sentence ('...in an isolated environment.') instead of cutting off at 'isolat'.

DimensionReasoningScore

Specificity

The description enumerates multiple concrete capabilities — 'captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections' — matching the anchor for listing several specific actions rather than vague language.

3 / 3

Completeness

It clearly states what the service does but never provides a 'Use when...' clause or equivalent explicit trigger guidance, which the rubric caps at 2; the text is also truncated mid-word ('isolat').

2 / 3

Trigger Term Quality

'scanning and analyzing suspicious URLs' is a natural phrase, but common variations a user would actually say ('phishing URL', 'malicious link', 'is this link safe', 'URL safety check') are missing.

2 / 3

Distinctiveness Conflict Risk

Naming a specific service ('URLScan.io') for a narrow task (scanning suspicious URLs) gives it a clear niche with distinct triggers unlikely to collide with general-purpose skills.

3 / 3

Total

10

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.