analyzing-ransomware-encryption-mechanisms
Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to assess decryption feasibility, identify implementation weaknesses, and support recovery efforts. Covers AES, RSA, ChaCha20, and hybrid encryption schemes. Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility.
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines a specific niche (ransomware encryption analysis), lists concrete actions and supported algorithms, and provides explicit activation triggers. It uses proper third-person voice throughout and balances technical specificity with natural trigger terms that security professionals would use.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Analyzes encryption algorithms, key management, and file encryption routines', 'assess decryption feasibility', 'identify implementation weaknesses', 'support recovery efforts'. Also names specific algorithms: AES, RSA, ChaCha20, hybrid encryption schemes. | 3 / 3 |
Completeness | Clearly answers both 'what' (analyzes encryption algorithms, key management, file encryption routines to assess decryption feasibility and identify weaknesses) and 'when' ('Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility'). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords a user would use: 'ransomware', 'cryptanalysis', 'encryption analysis', 'key recovery', 'decryption feasibility', 'AES', 'RSA', 'ChaCha20', 'key management'. Good coverage of terms a security analyst would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche focused specifically on ransomware encryption analysis and decryption feasibility. The combination of ransomware + cryptanalysis + specific algorithm names makes it very unlikely to conflict with general security or general encryption skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable skill with executable code examples and a well-structured multi-step workflow for ransomware encryption analysis. Its main weaknesses are moderate verbosity from glossary/tool sections that explain concepts Claude already knows, and a monolithic structure that could benefit from splitting reference material into separate files. The scenario and output format sections add significant practical value.
Suggestions
Remove or significantly trim the 'Key Concepts' glossary table — Claude already understands these cryptographic concepts and the table consumes tokens without adding actionable guidance.
Move the 'Tools & Systems' descriptions and 'Output Format' template into separate reference files (e.g., TOOLS.md, REPORT_TEMPLATE.md) and link to them from the main skill to improve progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is fairly comprehensive but includes some unnecessary content for Claude. The 'Key Concepts' glossary table explains terms like CSPRNG, ECB mode, and hybrid encryption that Claude already knows well. The 'Tools & Systems' section similarly describes well-known tools. However, the core workflow steps and code examples are reasonably efficient and domain-specific enough to justify their inclusion. | 2 / 3 |
Actionability | The skill provides fully executable Python code for crypto API detection, key reuse checking, timestamp brute-forcing, ECB mode detection, and XOR key recovery. The decompiled C pseudo-code clearly illustrates the encryption flow. Commands and specific tool references (Volatility, Ghidra, NoMoreRansom.org) are concrete and actionable. | 3 / 3 |
Workflow Clarity | The six-step workflow is clearly sequenced from algorithm identification through key analysis, encryption routine examination, weakness testing, key recovery, and documentation. The scenario section includes explicit validation guidance (work on copies, verify per-file vs single key). The pitfalls section serves as a validation checklist for destructive operations. The workflow naturally builds from identification to exploitation to reporting. | 3 / 3 |
Progressive Disclosure | The content is a monolithic document with no references to supporting files despite being over 200 lines. The Key Concepts table, Tools & Systems section, and detailed output format template could be split into separate reference files. However, the content is well-organized with clear section headers and logical flow, preventing it from being a true wall of text. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
0f429d0
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.