Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing
52%: Does it follow best practices?
Impact: — (No eval scenarios have been run)
Advisory: Suggest reviewing before use
Optimize this skill with Tessl:
npx tessl skill review --optimize ./skills/analyzing-network-packets-with-scapy/SKILL.md
Quality
Discovery
82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and distinctiveness, naming the exact tool (Scapy) and listing concrete packet manipulation actions alongside clear use-case domains. Its main weakness is the absence of an explicit 'Use when...' clause, which means Claude must infer when to select this skill rather than being explicitly guided. The trigger terms are naturally aligned with what security professionals would say.
Suggestions
- Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about packet crafting, network sniffing, Scapy scripts, protocol analysis, or security testing with raw packets.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'craft, send, sniff, and dissect network packets' along with specific use cases like 'protocol analysis, network reconnaissance, and traffic anomaly detection.' Names the specific tool (Scapy) and domain (authorized security testing). | 3 / 3 |
| Completeness | Clearly answers 'what does this do' (craft, send, sniff, dissect packets using Scapy for protocol analysis, recon, anomaly detection), but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the listed capabilities. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'Scapy', 'network packets', 'sniff', 'protocol analysis', 'network reconnaissance', 'traffic anomaly detection', 'security testing'. These are terms a security professional would naturally use when requesting this kind of work. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive due to the specific tool name (Scapy), the specific actions (craft/send/sniff/dissect packets), and the narrow domain (authorized security testing). Unlikely to conflict with other skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
22%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads like a high-level outline or table of contents rather than actionable guidance. It lacks any executable code examples, concrete commands, or specific patterns that Claude could follow. The multi-step workflow has no validation checkpoints or error recovery, and the breadth of topics covered (SYN scanning, DNS exfiltration, pcap analysis, packet crafting) demands supporting reference files that are entirely absent.
Suggestions
- Add executable Python/Scapy code examples for each major step (e.g., rdpcap() usage, SYN scan implementation, DNS entropy calculation) — at minimum a complete working example for the most common use case
- Add explicit validation checkpoints: verify pcap loaded successfully, confirm root privileges before raw socket operations, validate crafted packets before sending
- Split detailed code examples for each sub-topic (SYN scanning, DNS analysis, anomaly detection) into separate referenced files to keep SKILL.md as a concise overview
- Remove generic 'When to Use' bullets that don't add actionable information and replace with a concrete trigger condition (e.g., 'Use when you have a .pcap file to analyze or need to craft test packets')
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content has some unnecessary padding (e.g., the 'When to Use' section with generic SOC analyst bullets, the verbose overview restating what Scapy is), but it's not excessively long. Could be tightened significantly. | 2 / 3 |
| Actionability | No executable code, no concrete commands, no examples. The steps are entirely abstract descriptions ('Read and parse pcap files with rdpcap()') without any actual code snippets, function signatures, or copy-paste ready guidance. Mentioning a function name in passing is not actionable. | 1 / 3 |
| Workflow Clarity | Steps are listed but lack any validation checkpoints, error handling, or feedback loops. For security-sensitive operations involving raw sockets and network scanning, there are no safety checks, no verification steps, and no guidance on what to do when things fail. The sequence is vague and reads more like a table of contents than a workflow. | 1 / 3 |
| Progressive Disclosure | The content has some structural organization with headers (Overview, Prerequisites, Steps, Expected Output), but everything is inline with no references to supporting files. For a skill covering this many sub-topics (SYN scanning, DNS exfiltration, traffic stats, packet crafting), detailed examples and code should be split into referenced files, but none exist. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |