Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.
Overall score: 78

Quality: 73% (Does it follow best practices?)

Impact: Pending. No eval scenarios have been run.

Advisory: Suggest reviewing before use.

To re-run the review locally: `npx tessl skill review --optimize ./skills/analyzing-network-traffic-with-wireshark/SKILL.md`

Quality
Discovery: 82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and distinctive trigger terms that clearly carve out a network packet analysis niche. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. Adding trigger guidance would elevate this from good to excellent.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about packet captures, pcap files, network traffic analysis, Wireshark, tshark, or network forensics.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'captures and analyzes network packet data', 'identify malicious traffic patterns', 'diagnose protocol issues', 'extract artifacts', and 'support incident response investigations'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' with specific capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the nature of the actions described. Per rubric guidelines, missing 'Use when...' caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'Wireshark', 'tshark', 'network packet', 'malicious traffic', 'protocol issues', 'incident response', 'packet data'. These are terms a user working in network forensics or security would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive with a clear niche: network packet analysis using specific tools (Wireshark/tshark) for security purposes. The combination of packet capture, specific tool names, and incident response context makes it very unlikely to conflict with other skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation: 64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable skill with excellent executable examples covering a comprehensive range of network traffic analysis tasks. Its main weaknesses are the lack of validation checkpoints in the workflow (important for forensic evidence handling), some unnecessary explanatory content that Claude already knows (protocol definitions, tool descriptions), and a monolithic structure that could benefit from splitting reference material into separate files.
Suggestions
Add explicit validation checkpoints: verify the capture is actually collecting packets after Step 1 (e.g., check the packet count with `capinfos` or a tshark statistics pass), validate that exported objects exist and are non-empty in Step 4, and confirm evidence PCAP integrity after Step 6 by recording a hash at acquisition time and re-verifying it at hand-off.
Remove or drastically reduce the Key Concepts table and Tools & Systems section — Claude already knows what BPF, PCAPNG, TCP streams, and tshark are. Keep only project-specific conventions or non-obvious details.
Split the Common Scenarios and Output Format sections into separate reference files (e.g., SCENARIOS.md, REPORT_TEMPLATE.md) and link to them from the main skill to improve progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is mostly efficient with good executable examples, but includes some unnecessary content like the Key Concepts table (Claude knows what BPF, PCAPNG, and TCP streams are), the Tools & Systems descriptions, and verbose explanations in the Prerequisites section. The overall length (~200 lines) could be tightened by removing definitions of well-known concepts. | 2 / 3 |
| Actionability | Every step provides fully executable tshark commands with realistic flags, filters, and output options. Commands are copy-paste ready with concrete examples covering capture filters, display filters, artifact extraction, statistical analysis, and evidence export. The DNS tunneling scenario walks through a complete investigation with specific commands. | 3 / 3 |
| Workflow Clarity | The six-step workflow is clearly sequenced and logically ordered from capture setup through reporting. However, there are no explicit validation checkpoints or feedback loops: no step to verify the capture is actually collecting packets before proceeding, no validation that exported objects are intact, and no error recovery guidance if tshark commands fail or produce empty results. | 2 / 3 |
| Progressive Disclosure | The content is well-structured with clear headers and logical sections, but it's a monolithic document with no references to external files. The Key Concepts table, Tools & Systems section, and detailed scenario could be split into separate reference files. For a skill of this length (~200 lines), some content should be offloaded to keep the main skill lean. | 2 / 3 |
| Total | | 9 / 12 Passed |
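The three validation checkpoints the review asks for (capture is non-empty, exported objects are non-empty, evidence hash still matches at hand-off) can be scripted so an agent cannot skip them. The following is an added example, not code from the reviewed skill or from Tessl. It replaces the `capinfos` / `tshark` calls a practitioner would normally use with a small pure-Python classic-pcap record counter so it runs without Wireshark installed; the capture files, the exported-objects directory and the "tampered" copy are all constructed fixtures, and the function names are this example's own.

```python
"""Added example: validation checkpoints for a capture-and-export workflow.
Dependency-free stand-in for `capinfos -c`, a listing of the --export-objects
directory, and `sha256sum`. All fixtures are constructed, not real captures."""
import hashlib
import hmac
import os
import struct
import tempfile

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap, microsecond timestamps
PCAP_MAGIC_NS_LE = 0xA1B23C4D   # classic pcap, nanosecond timestamps
PCAPNG_SHB = 0x0A0D0D0A         # pcapng Section Header Block type


def count_pcap_records(data: bytes) -> int:
    """Checkpoint 1: count packet records in a classic pcap byte string.

    Walks the 16-byte record headers after the 24-byte global header and
    raises ValueError on unknown magic or truncation, so a bad capture
    stops the workflow instead of being analysed.
    """
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAPNG_SHB:
        raise ValueError("pcapng input: use tshark/capinfos or a pcapng reader")
    if magic in (PCAP_MAGIC_LE, PCAP_MAGIC_NS_LE):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):   # same magics, written big-endian
        endian = ">"
    else:
        raise ValueError(f"unknown magic 0x{magic:08x}")
    off, count = 24, 0
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        _ts_sec, _ts_frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16 + incl_len
        if off > len(data):
            raise ValueError("truncated packet payload")
        count += 1
    return count


def count_pcap_packets(path: str) -> int:
    with open(path, "rb") as f:
        return count_pcap_records(f.read())


def check_exported_objects(directory: str) -> dict:
    """Checkpoint 2: after `tshark --export-objects`, flag zero-byte files."""
    ok, empty = [], []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            (ok if os.path.getsize(path) > 0 else empty).append(name)
    return {"ok": ok, "empty": empty}


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_evidence(path: str, recorded_sha256: str) -> bool:
    """Checkpoint 3: recompute the evidence hash and compare to the recorded one."""
    return hmac.compare_digest(sha256_file(path), recorded_sha256)


def build_sample_pcap(n_packets: int) -> bytes:
    """Constructed fixture: classic pcap, linktype 1 (Ethernet), dummy frames."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    frame = bytes(14)                       # placeholder Ethernet header only
    records = b"".join(
        struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
        for i in range(n_packets))
    return header + records


def run_checkpoints() -> dict:
    """Run all three checkpoints against constructed fixtures in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        cap = os.path.join(tmp, "capture.pcap")
        with open(cap, "wb") as f:
            f.write(build_sample_pcap(3))
        empty_cap = os.path.join(tmp, "empty.pcap")
        with open(empty_cap, "wb") as f:
            f.write(build_sample_pcap(0))
        objects = os.path.join(tmp, "objects")
        os.mkdir(objects)
        with open(os.path.join(objects, "index.html"), "wb") as f:
            f.write(b"<html></html>")
        open(os.path.join(objects, "zero.bin"), "wb").close()
        recorded = sha256_file(cap)          # hash taken at acquisition time
        tampered = os.path.join(tmp, "tampered.pcap")
        with open(tampered, "wb") as f:
            f.write(build_sample_pcap(3)[:-1] + b"\xff")   # one byte altered
        return {
            "packets": count_pcap_packets(cap),
            "empty_capture_packets": count_pcap_packets(empty_cap),
            "objects": check_exported_objects(objects),
            "integrity_ok": verify_evidence(cap, recorded),
            "tampered_ok": verify_evidence(tampered, recorded),
        }


if __name__ == "__main__":
    print(run_checkpoints())
```

In the skill's workflow the same checks would sit between steps: abort after Step 1 when the count is zero or the file is truncated, report any zero-byte exported object in Step 4 rather than silently treating it as an artifact, and record the SHA-256 of the evidence PCAP when it is written in Step 6 so the report can state that the hash still verified at hand-off. The counter deliberately refuses pcapng input instead of guessing at its block layout; tshark writes pcapng by default, so a real workflow would pass `-F pcap` or use `capinfos` for that case.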
Validation: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |
c15f73d