analyzing-network-packets-with-scapy
Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing
61
52%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-network-packets-with-scapy/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and distinctiveness, naming concrete actions, a specific tool (Scapy), and clear use cases in network security. Its main weakness is the absence of an explicit 'Use when...' clause, which means Claude must infer when to select this skill rather than being explicitly guided. Adding trigger guidance would elevate this from good to excellent.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about Scapy, packet crafting, packet sniffing, network protocol analysis, or traffic inspection for security testing.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'craft, send, sniff, and dissect network packets' along with specific use cases like 'protocol analysis, network reconnaissance, and traffic anomaly detection.' Names the specific tool (Scapy) and domain (authorized security testing). | 3 / 3 |
Completeness | Clearly answers 'what does this do' (craft, send, sniff, dissect packets using Scapy for various security purposes), but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The when is only implied through the listed use cases. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'Scapy', 'network packets', 'protocol analysis', 'network reconnaissance', 'traffic anomaly detection', 'security testing', 'sniff', 'dissect'. These cover a good range of terms a security professional would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Scapy-based packet manipulation for security testing. The combination of the specific tool (Scapy), specific actions (craft/send/sniff/dissect packets), and specific domain (authorized security testing) makes it very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads as a high-level outline or table of contents rather than an actionable skill document. It completely lacks executable code examples, concrete Scapy function usage, or specific implementation patterns. For a packet manipulation skill, the absence of any actual Scapy code (rdpcap examples, packet crafting syntax, filter expressions, sniff callbacks) makes it essentially unusable as guidance.
Suggestions
Add executable Python/Scapy code examples for each major step (e.g., `rdpcap('capture.pcap')`, `IP(dst='target')/TCP(dport=80, flags='S')`, `sniff(filter='tcp', prn=callback, count=100)`)
Include a concrete workflow with validation checkpoints, e.g., verify pcap loaded correctly by checking packet count, validate crafted packets with `packet.show()` before sending
Replace the abstract 'When to Use' bullets with a brief one-liner scope statement, and use the saved space for actual code patterns and output examples
Add a concrete JSON output example showing the expected report structure so Claude knows exactly what to produce
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is relatively brief but includes some unnecessary filler like the 'When to Use' section with generic SOC analyst bullet points that don't add actionable value. The overview also restates what the steps already cover. | 2 / 3 |
Actionability | The skill provides no executable code, no concrete commands, no examples of Scapy usage. Steps are described abstractly ('Extract protocol layers', 'Detect SYN flood patterns') without any actual code snippets, function calls, or specific implementation guidance. | 1 / 3 |
Workflow Clarity | Steps are listed but lack any validation checkpoints, error handling, or feedback loops. For operations involving raw sockets and network scanning (potentially destructive/risky), there are no verification steps. The sequence is vague and reads more like a table of contents than an actionable workflow. | 1 / 3 |
Progressive Disclosure | The content is organized into clear sections (Overview, When to Use, Prerequisites, Steps, Expected Output), but there are no references to detailed sub-documents, no code examples inline, and the structure doesn't effectively split overview from detail—it's all surface-level with no depth anywhere. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
888bbe4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.