CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-packed-malware-with-upx-unpacker

Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for static analysis. Covers both standard UPX unpacking and handling modified UPX headers that prevent automated decompression. Activates for requests involving malware unpacking, UPX decompression, packer removal, or preparing packed samples for analysis.

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable, well-sequenced unpacking workflow with strong validation, but it is less token-efficient than it could be and fails to leverage its own bundle files. Most of the api-reference.md content is duplicated inline while scripts/agent.py goes unreferenced.

Suggestions

Remove or shrink the "Key Concepts" and "Tools & Systems" sections, which restate concepts Claude already knows; keep only malware-specific thresholds and offsets Claude would not recall.

Move the UPX/pefile/DIE syntax blocks out of the body and reference references/api-reference.md with a one-line link, since that file already duplicates this content.

Either reference scripts/agent.py in the relevant workflow step or remove it from the bundle, so progressive disclosure is signaled consistently.

DimensionReasoningScore

Conciseness

Mostly efficient with executable code, but the "Key Concepts" and "Tools & Systems" sections re-explain basics Claude already knows (what packing/UPX/PUSHAD-POPAD/magic bytes are), and code comments add narration that could be trimmed.

2 / 3

Actionability

Provides fully executable bash and Python (real offsets, byte patterns, struct unpacks) plus concrete x64dbg menu/Scylla steps that are copy-paste ready, matching the level-3 anchor.

3 / 3

Workflow Clarity

A clearly sequenced 5-step workflow with an explicit validation checkpoint (Step 5: Validate Unpacked Binary) and error-recovery guidance (Scenario pitfalls: fall back to manual unpacking, double-packing, overlay checks).

3 / 3

Progressive Disclosure

Bundle files exist (references/api-reference.md, scripts/agent.py) but the body never signals or links to them, and tool/API detail that belongs in api-reference.md is inlined instead — structure present but references not clearly used.

2 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A focused, third-person description that concretely states capabilities and provides explicit activation triggers for a well-bounded malware-analysis niche. It scores top marks across all dimensions with no verbosity or over-claims.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — "Identifies and unpacks", "expose the original executable code for static analysis", and "handling modified UPX headers that prevent automated decompression" — rather than vague language.

3 / 3

Completeness

Clearly answers what ("Identifies and unpacks UPX-packed and other packed malware samples") and when (explicit "Activates for requests involving..." trigger clause), matching the level-3 anchor.

3 / 3

Trigger Term Quality

"Activates for requests involving malware unpacking, UPX decompression, packer removal, or preparing packed samples for analysis" gives good coverage of natural terms an analyst would say.

3 / 3

Distinctiveness Conflict Risk

UPX-packed malware unpacking with modified-header handling is a narrow, distinct niche with specific triggers unlikely to collide with other skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.