CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-ransomware-payment-wallets

Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor, WalletExplorer, and blockchain.com APIs. Identifies wallet clusters, tracks fund movement through mixers and exchanges, and supports law enforcement attribution. Activates for requests involving ransomware payment tracing, bitcoin wallet analysis, cryptocurrency forensics, or blockchain intelligence gathering.

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is actionable and well-sequenced with a solid verification checklist, but it pads token budget explaining concepts Claude already knows and fails to route readers to the bundled reference and script files. Tightening the Key Concepts table and signaling the bundle files would lift the two weakest dimensions.

Suggestions

Remove or trim the 'Key Concepts' table (UTXO, Peel Chain, CoinJoin/Mixer, Common Input Ownership) - these are concepts Claude already knows - and drop the duplicated Bitcoin address-format block since it lives in references/api-reference.md.

Add explicit one-level navigation to the bundles, e.g. 'See [references/api-reference.md](references/api-reference.md) for full API response fields and address formats' and 'See [scripts/agent.py](scripts/agent.py) for a complete runnable implementation', then move the inlined endpoint detail out of the body.

DimensionReasoningScore

Conciseness

Mostly efficient with executable code and tight diagrams, but the 'Key Concepts' table explains UTXO, peel chain, CoinJoin, and common-input-ownership - concepts Claude already knows - and the Bitcoin address-format block duplicates content in references/api-reference.md. Not a 3 because of this padding; not a 1 because the bulk is lean and actionable.

2 / 3

Actionability

Provides fully executable Python (get_wallet_transactions, check_wallet_explorer) with real API URLs, concrete fund-flow indicators, a structured report template, and a complete scripts/agent.py. Matches the copy-paste-ready anchor.

3 / 3

Workflow Clarity

Five clearly sequenced steps plus a dedicated Verification checklist (validate address format, cross-reference timestamps, validate cluster heuristic, OFAC SDN check, multi-source exchange attribution). The skill is explicitly read-only, so a validate-fix-retry loop is not required; the explicit validation checklist satisfies the top anchor.

3 / 3

Progressive Disclosure

Bundle files exist (references/api-reference.md, scripts/agent.py) but the body never links or signals them, and detailed API/endpoint content is inlined rather than split out. Matches the 'references present but not clearly signaled; content that should be separate is inline' anchor. Not a 3 because navigation to the bundles is absent; not a 1 because the body is sectioned rather than a monolithic wall.

2 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: third-person voice, concrete actions, explicit activation triggers, and a distinctive niche that minimizes conflict risk. Every dimension lands at the top of the scale.

DimensionReasoningScore

Specificity

Lists multiple concrete actions - 'Traces ransomware cryptocurrency payment flows', 'Identifies wallet clusters, tracks fund movement through mixers and exchanges, and supports law enforcement attribution' - matching the multiple-specific-actions anchor.

3 / 3

Completeness

Explicitly answers what it does (trace flows, identify clusters, track movement, support attribution) and when to use it via 'Activates for requests involving...'. Meets the explicit-trigger anchor; not a 2 because the when is explicit, not implied.

3 / 3

Trigger Term Quality

'Activates for requests involving ransomware payment tracing, bitcoin wallet analysis, cryptocurrency forensics, or blockchain intelligence gathering' covers natural terms an analyst would actually say. Not a 2 because it gives several phrasings rather than a single keyword; not below 3 because none are missing common variations.

3 / 3

Distinctiveness Conflict Risk

Narrow ransomware-crypto-payment niche with distinct triggers (ransomware payment tracing, bitcoin wallet analysis) is unlikely to fire for unrelated skills. Not a 2 because the niche and triggers are unambiguous.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.