Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor, WalletExplorer, and blockchain.com APIs. Identifies wallet clusters, tracks fund movement through mixers and exchanges, and supports law enforcement attribution. Activates for requests involving ransomware payment tracing, bitcoin wallet analysis, cryptocurrency forensics, or blockchain intelligence gathering.
56
63% Does it follow best practices?
Impact: — (No eval scenarios have been run)
Advisory: Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-ransomware-payment-wallets/SKILL.md
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly articulates specific capabilities (tracing payment flows, identifying wallet clusters, tracking through mixers/exchanges), names concrete tools, and provides explicit trigger conditions via the 'Activates for...' clause. It occupies a very distinct niche in cryptocurrency forensics that would be easily distinguishable from other skills. The description is concise yet comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: traces payment flows, identifies wallet clusters, tracks fund movement through mixers and exchanges, supports law enforcement attribution. Also names specific tools (Chainalysis Reactor, WalletExplorer, blockchain.com APIs). | 3 / 3 |
| Completeness | Clearly answers both what (traces ransomware cryptocurrency payment flows, identifies wallet clusters, tracks fund movement) and when ('Activates for requests involving ransomware payment tracing, bitcoin wallet analysis, cryptocurrency forensics, or blockchain intelligence gathering'). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'ransomware payment tracing', 'bitcoin wallet analysis', 'cryptocurrency forensics', 'blockchain intelligence gathering', plus domain terms like 'mixers', 'exchanges', 'wallet clusters'. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche combining ransomware, cryptocurrency forensics, and law enforcement attribution. Very unlikely to conflict with other skills given the specialized domain and specific tool references. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
27%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill covers a legitimate and complex forensic workflow but suffers from significant verbosity, explaining concepts Claude already understands (UTXO model, address formats, what mixers are). The actionable code is limited to two API query functions while the core analytical steps (fund tracing, cluster analysis, report generation) remain descriptive rather than executable. The monolithic structure with no supporting files and no inline validation checkpoints weakens both progressive disclosure and workflow clarity.
Suggestions
Remove the Key Concepts glossary table and Tools & Systems descriptions entirely—Claude knows these concepts. Replace with a brief inline mention only where contextually needed.
Add executable code for the fund flow tracing (Step 3) and cluster analysis steps, such as a function that recursively follows transaction outputs and builds a graph of downstream addresses.
Integrate verification steps directly into the workflow (e.g., validate address format before Step 2, check OFAC list immediately after identifying downstream addresses in Step 3) rather than listing them in a separate section.
Split the report template, address format reference, and tool descriptions into separate bundle files (e.g., REPORT_TEMPLATE.md, TOOLS.md) and reference them from the main skill with one-level-deep links.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is verbose and explains many concepts Claude already knows (Bitcoin address formats, what UTXOs are, what mixers are, what peel chains are). The 'Key Concepts' glossary table and 'Tools & Systems' descriptions are unnecessary padding. The 'When to Use' section has 5 bullet points that over-explain obvious use cases. The fund flow ASCII diagram, while visually appealing, restates what the surrounding text already conveys. | 1 / 3 |
| Actionability | The Python code snippets for querying blockchain.com and WalletExplorer APIs are concrete and executable, which is good. However, the fund flow tracing (Step 3) is purely descriptive with an ASCII diagram rather than executable code. The cluster analysis step lacks actual implementation. The report generation (Step 5) is a static template rather than code that produces it. Key analytical steps are described rather than instrumented. | 2 / 3 |
| Workflow Clarity | The 5-step workflow is clearly sequenced and logically ordered. However, validation is relegated to a separate 'Verification' section rather than being integrated as checkpoints within the workflow steps. There are no feedback loops for error recovery (e.g., what to do when an API returns no data, when a wallet is Monero and untraceable, or when mixer detection fails). For an investigation workflow involving potentially sanctioned entities, inline validation is important. | 2 / 3 |
| Progressive Disclosure | The content is a monolithic wall of text with no bundle files and no references to external files. The Key Concepts table, Tools & Systems list, and detailed fund flow diagrams could all be split into reference files. Everything is inline in a single document that runs quite long, with no navigation structure beyond the step headers. | 1 / 3 |
| Total | 6 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
0445030