CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-network-traffic-with-wireshark

Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with executable tshark commands and a clear step sequence, but it is padded with concepts Claude already knows, lacks validation feedback loops for batch/capture operations, and fails to route detail to its existing bundle files. Linking the reference/script and trimming the conceptual tables would raise the weakest dimensions.

Suggestions

Replace the 'Key Concepts' and 'Tools & Systems' sections with brief pointers to references/api-reference.md, keeping only what Claude would not already know, to improve conciseness and avoid duplicating the reference file.

Add explicit validation checkpoints to the workflow (e.g., verify the capture file is non-empty and hash it before filtering; confirm export-objects produced files before hashing) to introduce validate→fix→retry feedback loops.

Link the bundle files inline (e.g., 'See [api-reference.md](references/api-reference.md) for the full filter/field catalog' and 'See [agent.py](scripts/agent.py) for a scripted analysis helper') so progressive disclosure routes detail to one-level-deep references.

DimensionReasoningScore

Conciseness

The code blocks are lean and earn their place, but the 'Key Concepts' and 'Tools & Systems' sections explain concepts (PCAPNG, TCP Stream, what Wireshark/tshark are) that Claude already knows, so it is mostly efficient with unnecessary explanation that could be trimmed — the score-2 anchor rather than fully lean score-3.

2 / 3

Actionability

Every step provides fully executable, copy-paste-ready tshark commands with concrete flags, display filters, and field extractions, matching the score-3 anchor for specific executable examples rather than pseudocode.

3 / 3

Workflow Clarity

The 6-step sequence is clearly numbered, but the workflow involves batch/capture operations with no explicit validation checkpoints or validate→fix→retry feedback loops, so per the rubric guideline workflow clarity is capped at 2.

2 / 3

Progressive Disclosure

Bundle files exist (references/api-reference.md, scripts/agent.py) but the body never links to or signals them, and it duplicates much of the API reference inline (filters, statistics, object export), fitting the score-2 anchor of references present but not clearly signaled with content that should be separate kept inline.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, well-triggered with natural security terms, and clearly niched, but it lacks an explicit 'Use when…' trigger clause, which caps its completeness at 2. Adding a one-sentence trigger guidance would lift the weakest dimension.

Suggestions

Add an explicit 'Use when…' clause naming the triggering situations (e.g., 'Use when investigating suspected intrusions, exfiltration, or beaconing via packet captures, or diagnosing protocol/network issues on authorized segments.') to raise completeness to 3.

Consider including a few more user-spoken variants like 'pcap analysis' or 'packet capture' alongside 'network packet data' to broaden natural trigger coverage.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'Captures and analyzes network packet data,' 'identify malicious traffic patterns,' 'diagnose protocol issues,' 'extract artifacts,' 'support incident response investigations' — matching the score-3 anchor for multiple specific actions, not the score-2 'some actions' level.

3 / 3

Completeness

It richly answers 'what' but has no 'Use when…' or equivalent explicit trigger guidance, so per the rubric guideline a missing trigger clause caps completeness at 2 rather than 3.

2 / 3

Trigger Term Quality

Natural terms a security user would actually say are well covered — 'Wireshark,' 'tshark,' 'network packet data,' 'malicious traffic,' 'incident response' — rather than abstract jargon, satisfying the score-3 anchor.

3 / 3

Distinctiveness Conflict Risk

The Wireshark/tshark packet-analysis niche is sharply scoped ('on authorized network segments') and unlikely to trigger for unrelated skills, matching the score-3 'clear niche' anchor.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.