CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-ransomware-encryption-mechanisms

Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to assess decryption feasibility, identify implementation weaknesses, and support recovery efforts. Covers AES, RSA, ChaCha20, and hybrid encryption schemes. Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility.

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

Highly actionable with strong executable code and a clear sequenced workflow, but it is verbose in places and fails to leverage its bundle files — the api-reference.md and agent.py are never referenced from SKILL.md.

Suggestions

Remove or trim the 'Key Concepts' table entries that re-explain well-known cryptography (ECB, CSPRNG, hybrid encryption) to respect token budget.

Add an explicit validation checkpoint in the workflow (e.g., verify a decrypted sample against its known-plaintext before declaring recovery successful) and a work-on-copies gate as a numbered step.

Link references/api-reference.md and scripts/agent.py from the relevant sections (e.g., 'API reference: See [api-reference.md](references/api-reference.md)') and move the inline PyCryptodome usage there to shorten the body.

DimensionReasoningScore

Conciseness

Mostly efficient and action-oriented, but the 'Key Concepts' table explains crypto Claude already knows (Hybrid Encryption, ECB Mode, CSPRNG) and some commentary could be trimmed; not every token earns its place.

2 / 3

Actionability

Provides multiple copy-paste-ready, executable snippets — pefile import scanning, AES key-reuse/ECB tests, timestamp brute force, and XOR key recovery — with concrete commands and clear examples.

3 / 3

Workflow Clarity

The six steps are clearly sequenced and a Pitfalls section offers caution, but there is no explicit validate→fix→retry checkpoint within the recovery flow despite the destructive/sensitive nature of testing decryption on files.

2 / 3

Progressive Disclosure

The body is a long monolithic document with reference-style content inline, while bundle files references/api-reference.md and scripts/agent.py exist but are never signaled or linked from the body.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, third-person description that clearly states concrete capabilities and explicit activation triggers tied to ransomware cryptanalysis. It answers both what and when without padding.

DimensionReasoningScore

Specificity

Names multiple concrete actions — 'Analyzes encryption algorithms, key management, and file encryption routines', 'assess decryption feasibility, identify implementation weaknesses, and support recovery efforts' — matching the multiple-specific-actions anchor.

3 / 3

Completeness

Explicitly answers both what it does (analyze algorithms, key management, routines, assess feasibility) and when to use it ('Activates for requests involving...'), with a clear 'Activates for' trigger clause.

3 / 3

Trigger Term Quality

'Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility' provides natural terms an analyst would actually say, with good coverage of variations.

3 / 3

Distinctiveness Conflict Risk

Narrowly scoped to ransomware encryption cryptanalysis with family-specific triggers, making it clearly distinguishable and unlikely to fire for unrelated skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.