CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-outlook-pst-for-email-forensics

Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments, deleted items, and metadata using libpff, pst-utils, and forensic email analysis tools for legal investigations and incident response.

59

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with executable code and commands, but it carries unnecessary background and a verbose example output, lacks an explicit validated workflow, and fails to reference the bundle files that duplicate its inline content.

Suggestions

Trim the Overview background and condense the Example Output; assume Claude's knowledge of PST/MAPI fundamentals.

Add an explicit numbered investigation workflow with validation checkpoints (hash original for integrity, export, validate parse errors, re-verify) — or link references/workflows.md which already contains it.

Reference the bundle files (references/workflows.md, references/api-reference.md, scripts/agent.py) instead of inlining the full analyzer script, keeping SKILL.md as an overview.

DimensionReasoningScore

Conciseness

The content is mostly actionable, but the Overview explains background Claude already knows ('proprietary binary format based on the MAPI property system', 'Unicode format with 4KB pages ... 50GB') and the ~80-line Example Output block is verbose illustration that could be trimmed.

2 / 3

Actionability

It provides fully executable bash commands (pffexport, pffinfo) and a complete, copy-paste-ready Python PSTForensicAnalyzer class, matching the executable-code anchor.

3 / 3

Workflow Clarity

A sequence is implied (export then analyze then report) via the example, but there is no explicit numbered investigation workflow with validation/integrity checkpoints for a batch forensic operation, which the notes cap at 2.

2 / 3

Progressive Disclosure

The body is organized into clear sections, but it inlines a ~150-line script while a scripts/agent.py bundle file exists, and none of the bundle references (workflows.md, api-reference.md, standards.md) are linked from the body — content that should be separate is inline and references are not signaled.

2 / 3

Total

9

/

12

Passed

Description

72%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, third-person, and well-targeted to a distinct forensic niche with good natural trigger terms, but it lacks an explicit 'Use when...' trigger clause and uses a single action verb rather than enumerating distinct capabilities.

Suggestions

Add an explicit 'Use when...' trigger clause naming concrete situations (e.g. 'Use when investigating Outlook PST/OST files for email evidence, header tracing, deleted-item recovery, or attachment analysis').

Replace the single 'Analyze' verb with distinct actions (extract headers, recover deleted items, export attachments, reconstruct communication patterns) to raise specificity.

DimensionReasoningScore

Specificity

It names the domain (PST/OST forensic analysis) and enumerates concrete evidence types ('message content, headers, attachments, deleted items, and metadata'), but relies on a single action verb 'Analyze' rather than listing multiple distinct actions as the score-3 anchor requires.

2 / 3

Completeness

It clearly answers 'what' (analyze PST/OST forensic evidence) but the 'when' is only a purpose clause ('for legal investigations and incident response') with no explicit 'Use when...' trigger, which the guidelines cap at 2.

2 / 3

Trigger Term Quality

It covers natural terms a user would say — 'Microsoft Outlook PST and OST files', 'email forensic evidence', 'libpff' — including both PST and OST variations, matching the good-coverage anchor.

3 / 3

Distinctiveness Conflict Risk

The PST/OST email-forensics niche with tool names (libpff, pst-utils) is clearly distinct and unlikely to trigger for unrelated skills.

3 / 3

Total

10

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.