analyzing-malicious-url-with-urlscan

URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat

Quality

38%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Risky

Do not use without reviewing

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/analyzing-malicious-url-with-urlscan/SKILL.md

Quality

Content

27%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a general knowledge article about URLScan.io than an actionable skill for Claude. It spends most of its token budget explaining concepts Claude already knows (phishing indicators, what URLScan does) while providing minimal executable code or concrete automation steps. The referenced script doesn't exist, and the workflow lacks validation checkpoints.

Suggestions

Remove the 'Key Concepts' section entirely—Claude already knows about phishing red flags and URLScan capabilities—and replace with executable Python code for API submission and result parsing.

Add a complete, copy-paste-ready Python script for scanning a URL and extracting IOCs, rather than referencing a nonexistent 'scripts/process.py'.

Add explicit validation checkpoints in the workflow (e.g., check HTTP response status after submission, poll for scan completion, verify IOC extraction produced results before cross-referencing).

Remove the generic 'When to Use' and 'Prerequisites' sections to save tokens, and trim 'Tools & Resources' to only items directly used in the workflow.

Dimension	Reasoning	Score
Conciseness	Significant verbosity throughout. The 'Key Concepts' section explains things Claude already knows (what phishing red flags look like, what URLScan capabilities are). The 'When to Use' section is generic boilerplate. Prerequisites list basic knowledge Claude possesses. Much of this content is descriptive rather than instructive.	1 / 3
Actionability	The API submission example provides a concrete endpoint and payload, but there's no executable Python code despite listing Python as a prerequisite. Step 4 references 'scripts/process.py' which doesn't exist in the bundle. The workflow steps are mostly descriptive checklists rather than executable commands or code.	2 / 3
Workflow Clarity	Steps are listed in a logical sequence, but there are no validation checkpoints or feedback loops. No guidance on what to do if the scan fails, times out, or returns unexpected results. The validation section at the end reads like acceptance criteria rather than inline verification steps.	2 / 3
Progressive Disclosure	The content is a monolithic wall of text with no references to supporting files. It references 'scripts/process.py' which doesn't exist. The Key Concepts section and Tools & Resources section contain extensive inline content that could be separated, while the actual workflow content that matters is thin.	1 / 3
	Total	6 / 12 Passed

Description

50%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description demonstrates strong specificity by listing concrete capabilities (screenshots, DOM content, HTTP transactions, JavaScript behavior, network connections) and is highly distinctive due to the named service. However, it is clearly truncated mid-sentence, which means it lacks a 'Use when...' clause entirely and may be missing additional trigger terms that users would naturally use when requesting URL security analysis.

Suggestions

Complete the truncated description and add an explicit 'Use when...' clause, e.g., 'Use when the user wants to check a suspicious URL, analyze a potentially malicious website, or investigate phishing links.'

Add natural trigger terms users would say, such as 'malicious URL', 'phishing link', 'check if a URL is safe', 'website security scan', 'URL reputation check'.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: scanning URLs, capturing screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections. These are detailed, concrete capabilities.	3 / 3
Completeness	The description covers 'what' (scanning and analyzing URLs with specific capture types) but is truncated and completely lacks a 'when should Claude use it' clause. The missing 'Use when...' guidance caps this at 2 per the rubric, and since the description is also cut off mid-sentence, it scores a 1.	1 / 3
Trigger Term Quality	Includes some natural keywords like 'suspicious URLs', 'scanning', 'screenshots', 'HTTP transactions', but the description appears truncated and is missing common user-facing terms like 'malicious URL', 'phishing', 'URL check', 'website safety'. Also missing file extensions or shorthand users might say.	2 / 3
Distinctiveness Conflict Risk	URLScan.io is a very specific tool/service with a clear niche in URL security analysis. The mention of the specific service name and security-focused capabilities makes it highly distinguishable from other skills.	3 / 3
	Total	9 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: mukul975/Anthropic-Cybersecurity-Skills
Commit: 0445030

Reviewed: 12 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.