analyzing-ransomware-encryption-mechanisms
Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to assess decryption feasibility, identify implementation weaknesses, and support recovery efforts. Covers AES, RSA, ChaCha20, and hybrid encryption schemes. Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility.
90
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines a specific niche (ransomware encryption analysis), lists concrete actions and specific algorithms, and includes an explicit activation clause with natural trigger terms. It uses proper third-person voice throughout and would be easily distinguishable from other security-related skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Analyzes encryption algorithms, key management, and file encryption routines', 'assess decryption feasibility', 'identify implementation weaknesses', 'support recovery efforts'. Also names specific algorithms: AES, RSA, ChaCha20, hybrid encryption schemes. | 3 / 3 |
Completeness | Clearly answers both 'what' (analyzes encryption algorithms, key management, file encryption routines to assess decryption feasibility and identify weaknesses) and 'when' ('Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility'). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords a user would use: 'ransomware', 'cryptanalysis', 'encryption analysis', 'key recovery', 'decryption feasibility', 'AES', 'RSA', 'ChaCha20', 'key management'. Good coverage of terms a security analyst would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche focused specifically on ransomware encryption analysis and decryption feasibility. The combination of ransomware + cryptanalysis + specific algorithm names makes it very unlikely to conflict with general security or general encryption skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable skill with executable code examples and a well-structured multi-step workflow covering ransomware encryption analysis end-to-end. Its main weaknesses are moderate verbosity—particularly the glossary of terms and tool descriptions that Claude already knows—and a monolithic structure that could benefit from splitting reference material into separate files. The output format template and scenario walkthrough are excellent additions that make the skill immediately usable.
Suggestions
Remove or significantly trim the Key Concepts glossary table—Claude already knows what ECB mode, CSPRNG, and hybrid encryption are. Keep only project-specific terminology if any.
Move the Tools & Systems section and Common Scenarios into separate referenced files (e.g., TOOLS.md, SCENARIOS.md) to improve progressive disclosure and reduce the main file's token footprint.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is fairly comprehensive but includes some unnecessary content that Claude would already know, such as the Key Concepts glossary defining terms like CSPRNG, ECB mode, and hybrid encryption. The Tools & Systems section also explains well-known tools. However, the core workflow steps and code examples are reasonably efficient. | 2 / 3 |
Actionability | The skill provides fully executable Python code for detecting crypto API imports, checking key reuse, brute-forcing timestamp-derived keys, detecting ECB mode, and XOR key recovery. The decompiled C pseudo-code clearly illustrates the encryption flow. Commands and specific tools are named with concrete usage patterns. | 3 / 3 |
Workflow Clarity | The 6-step workflow is clearly sequenced from identification through analysis to documentation. Validation is embedded throughout—Step 4 explicitly tests for weaknesses before attempting recovery in Step 5. The scenario section includes a feedback loop (check existing decryptors → reverse engineer → test weaknesses → scan memory) and explicitly warns about destructive pitfalls like testing on the only copy of encrypted files. | 3 / 3 |
Progressive Disclosure | The content is entirely self-contained in a single long document (~200+ lines of substantive content) with no references to external detail files. The Key Concepts table, Tools & Systems section, and Common Scenarios could be split into separate reference files. However, the content is well-organized with clear headers and the inline structure is logical. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
c15f73d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.