CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-ransomware-leak-site-intelligence

Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with complete executable code and a clear five-step workflow, but it is undercut by some redundant conceptual explanation, missing in-flow validation checkpoints, and orphaned bundle files that are never linked from the main content.

Suggestions

Trim the 'Key Concepts' section to domain-specific guidance Claude would not already know, and move the H1 2025 statistics to a clearly dated context section.

Add explicit validation checkpoints between workflow steps (e.g., verify post count after ingestion, confirm non-empty sectors before risk scoring) with retry-on-failure guidance.

Link the existing bundle files from the body — reference references/api-reference.md for feed schemas and scripts/agent.py for the runnable collector — so the overview points one level deep to detailed material.

DimensionReasoningScore

Conciseness

The five code blocks are efficient, but the 'Key Concepts' section explains the double-extortion model and DLS value that a threat-intel Claude largely already knows, and the Overview embeds time-sensitive H1 2025 statistics outside any deprecated section.

2 / 3

Actionability

Five complete, executable Python blocks with real ransomwatch API endpoints and full function bodies are copy-paste ready, matching the anchor for fully executable code.

3 / 3

Workflow Clarity

A clear five-step sequence is present, but batch intelligence-collection steps lack explicit in-flow validation checkpoints or error-recovery feedback loops, which caps workflow clarity at 2.

2 / 3

Progressive Disclosure

Bundle files exist (references/api-reference.md, scripts/agent.py) but are never referenced or signaled from the body, and the code is inlined rather than split out, leaving structure present but navigation unclear.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, well-scoped description with concrete actions and natural trigger terms, written in third person. Its main weakness is the absence of an explicit 'Use when...' trigger clause, which leaves the activation conditions implied rather than stated.

Suggestions

Add an explicit 'Use when...' clause, e.g. 'Use when investigating ransomware incidents, tracking leak-site victims, or building threat intel on extortion groups.'

Include common user phrasings such as 'ransomware leak site', 'victim list', or 'extortion monitoring' to broaden natural trigger coverage.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'track victim postings', 'extract threat intelligence on group tactics', and 'assess sector-specific ransomware risk' — matching the anchor for several specific actions rather than a single vague one.

3 / 3

Completeness

Clearly states what the skill does but lacks any 'Use when...' clause or equivalent explicit trigger guidance, which per the rubric caps completeness at 2.

2 / 3

Trigger Term Quality

Contains natural terms a threat-intel user would say — 'ransomware', 'data leak sites (DLS)', 'victim postings', 'threat intelligence' — giving good coverage of natural phrasing.

3 / 3

Distinctiveness Conflict Risk

The ransomware leak-site niche is distinct and unlikely to trigger for unrelated skills, and the description uses third-person voice as required.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.