URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat
53
42%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-malicious-url-with-urlscan/SKILL.md
Quality
Discovery
50%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description starts strong with specific capabilities of URLScan.io including screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections. However, it is clearly truncated (cuts off mid-sentence at 'isolat'), which means it likely loses important context and is missing a 'Use when...' clause entirely. The truncation significantly undermines its effectiveness as a skill selector.
Suggestions
Complete the truncated description - it cuts off at 'isolat' (likely 'isolated environment') which loses critical information.
Add an explicit 'Use when...' clause with trigger terms like 'suspicious URL', 'phishing', 'malicious website', 'URL safety check', 'analyze a link', or 'website security scan'.
Include common user-facing variations such as 'check if a URL is safe', 'scan a link', or 'investigate a website' to improve trigger term coverage.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: scanning URLs, capturing screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections. These are detailed, concrete capabilities. | 3 / 3 |
| Completeness | The description covers 'what' (scanning and analyzing URLs with specific capture capabilities) but is truncated and completely lacks a 'when' clause or explicit trigger guidance. Per rubric, a missing 'Use when...' clause caps completeness at 2, and the truncation makes it even weaker. | 1 / 3 |
| Trigger Term Quality | Includes some natural keywords like 'suspicious URLs', 'scanning', 'screenshots', 'HTTP transactions', but the description appears truncated and may be missing common user-facing terms like 'malicious URL', 'phishing', 'website safety check', or 'URL analysis'. | 2 / 3 |
| Distinctiveness Conflict Risk | URLScan.io is a very specific tool/service with a clear niche in URL security analysis. The mention of the specific service name and security-focused capabilities makes it highly distinguishable from other skills. | 3 / 3 |
| Total | 9 / 12 Passed | |
Implementation
35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a general knowledge article about URLScan.io than an actionable skill for Claude. It spends too many tokens on concepts Claude already knows (phishing indicators, what URLScan does) while lacking the executable code and validation steps that would make it truly useful. The workflow is a reasonable outline but needs concrete implementation and error handling to be production-ready.
Suggestions
Remove the 'Key Concepts' section (especially phishing red flags) — Claude already knows this — and replace with a concise, executable Python script that submits a URL, polls for results, and extracts IOCs.
Add explicit validation/error handling in the workflow: check scan status before proceeding, handle rate limits, verify API response codes, and include a retry loop for pending scans.
Replace the generic 'When to Use' boilerplate with a single-line scope statement, and cut the prerequisites to only non-obvious items (e.g., just the API key requirement).
Either include the actual content of 'scripts/process.py' as executable code or provide a clear file reference with description of what it contains.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Significant verbosity explaining concepts Claude already knows (what URLScan.io is, what phishing red flags look like, HTTP protocols, etc.). The 'Key Concepts' section is largely general knowledge that doesn't need to be spelled out. The 'When to Use' section is generic boilerplate that adds no value. | 1 / 3 |
| Actionability | The API submission example provides a concrete endpoint and payload, but there's no executable Python code despite listing Python as a prerequisite. The reference to 'scripts/process.py' is vague with no code shown. Steps 2-4 are descriptive checklists rather than executable guidance. | 2 / 3 |
| Workflow Clarity | Steps are listed in a logical sequence, but there are no validation checkpoints or feedback loops. No guidance on what to do if the scan fails, times out, or returns unexpected results. The workflow lacks explicit verification steps between stages (e.g., confirming scan completion before analyzing results). | 2 / 3 |
| Progressive Disclosure | Content is structured with headers but everything is inline in one file. The 'Key Concepts' section with phishing red flags and URLScan capabilities could be separated into reference material. The reference to 'scripts/process.py' suggests external content exists but isn't clearly linked or navigable. | 2 / 3 |
| Total | 7 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
888bbe4