analyzing-ransomware-payment-wallets

Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor, WalletExplorer, and blockchain.com APIs. Identifies wallet clusters, tracks fund movement through mixers and exchanges, and supports law enforcement attribution. Activates for requests involving ransomware payment tracing, bitcoin wallet analysis, cryptocurrency forensics, or blockchain intelligence gathering.

70

Quality: 63% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Advisory (Suggest reviewing before use)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/analyzing-ransomware-payment-wallets/SKILL.md

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that clearly defines a specialized niche in cryptocurrency forensics for ransomware investigations. It lists concrete actions, names specific tools, and provides explicit trigger conditions with natural keywords. The description is concise yet comprehensive, making it easy for Claude to distinguish this skill from others.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: tracing payment flows, identifying wallet clusters, tracking fund movement through mixers and exchanges, and supporting law enforcement attribution. Also names specific tools (Chainalysis Reactor, WalletExplorer, blockchain.com APIs). | 3 / 3 |
| Completeness | Clearly answers both 'what' (traces ransomware cryptocurrency payment flows, identifies wallet clusters, tracks fund movement) and 'when' ('Activates for requests involving ransomware payment tracing, bitcoin wallet analysis, cryptocurrency forensics, or blockchain intelligence gathering'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'ransomware payment tracing', 'bitcoin wallet analysis', 'cryptocurrency forensics', 'blockchain intelligence gathering', 'mixers', 'exchanges'. Good coverage of terms a user in this domain would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche combining ransomware, cryptocurrency forensics, and blockchain analysis with specific tools. Very unlikely to conflict with other skills given the specialized domain of law enforcement cryptocurrency tracing. | 3 / 3 |

Total: 12 / 12 (Passed)

Implementation

27%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill covers a legitimate and complex forensic workflow but suffers from significant verbosity, explaining concepts Claude already knows (UTXO definitions, address formats, what mixers are). The actionable code is limited to two API query functions while the core analytical steps (cluster analysis, peel chain detection, report generation) remain descriptive rather than executable. The monolithic structure with no external references and separated verification steps further weaken the skill.

Suggestions

Remove the Key Concepts table and Tools & Systems descriptions entirely—Claude already knows these concepts. Keep only tool-specific configuration details or API endpoints that are non-obvious.

Add executable code for Steps 3 and 5: implement peel chain detection logic, cluster analysis using common-input-ownership heuristic, and a function that generates the structured attribution report.

Integrate verification checkpoints directly into the workflow steps (e.g., validate address format in Step 1 before querying, check API response codes in Step 2, validate cluster associations in Step 3) with explicit error recovery paths.

Split detailed reference material (address format examples, tool descriptions, report templates) into separate linked files and keep SKILL.md as a concise workflow overview.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is verbose and explains many concepts Claude already knows (Bitcoin address formats, what UTXOs are, what mixers are, what peel chains are). The Key Concepts table is entirely unnecessary for Claude. The prerequisites section explains basic concepts like 'UTXOs, inputs, outputs, change addresses' and 'mixers, tumblers, peel chains, cross-chain swaps' that Claude already understands. The Tools & Systems section describes each tool with definitions Claude would already know. | 1 / 3 |
| Actionability | The skill provides some executable Python code for querying blockchain.com and WalletExplorer APIs, which is useful. However, the fund flow analysis in Step 3 is purely descriptive ASCII art rather than executable code, and the attribution report in Step 5 is a template rather than code to generate it. Key analytical steps (cluster analysis, peel chain detection) lack concrete implementation. | 2 / 3 |
| Workflow Clarity | The 5-step workflow is clearly sequenced and logically ordered. However, validation checkpoints are listed separately in a Verification section rather than integrated into the workflow steps. There are no feedback loops for error recovery (e.g., what to do when an API returns no data, when a wallet is Monero and untraceable, or when cluster analysis yields ambiguous results). | 2 / 3 |
| Progressive Disclosure | The content is a monolithic wall of text with no references to external files. The Key Concepts table, Tools & Systems section, and detailed fund flow diagrams could all be split into separate reference files. Everything is inline with no navigation structure for discovery. | 1 / 3 |

Total: 6 / 12 (Passed)

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 10 / 11 (Passed)

Repository: mukul975/Anthropic-Cybersecurity-Skills (Reviewed)
