Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.
67
60%
Does it follow best practices?
Impact: Pending (no eval scenarios have been run)
Advisory: Suggest reviewing before use
Optimize this skill with Tessl:
npx tessl skill review --optimize ./skills/analyzing-supply-chain-malware-artifacts/SKILL.md

Quality
Discovery: 82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is strong in specificity and domain terminology, listing concrete supply chain attack investigation capabilities with natural trigger terms that security professionals would use. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill over other security-related skills.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user mentions supply chain attacks, compromised builds, trojanized updates, dependency hijacking, or build pipeline security investigations.'
Consider adding file type or artifact format keywords users might mention, such as 'SBOM', 'package manifest', 'CI/CD pipeline', or specific build systems like 'Jenkins', 'GitHub Actions' to broaden trigger coverage.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'investigate supply chain attack artifacts', 'trojanized software updates', 'compromised build pipelines', 'sideloaded dependencies', 'identify intrusion vectors and scope of compromise'. These are concrete, domain-specific capabilities. | 3 / 3 |
| Completeness | The 'what' is well-covered (investigate supply chain attack artifacts, identify intrusion vectors and scope), but there is no explicit 'Use when...' clause or equivalent trigger guidance telling Claude when to select this skill. Per rubric guidelines, this caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords a user investigating a supply chain attack would use: 'supply chain attack', 'trojanized software updates', 'compromised build pipelines', 'sideloaded dependencies', 'intrusion vectors', 'scope of compromise'. These are terms security analysts would naturally mention. | 3 / 3 |
| Distinctiveness / Conflict Risk | The description carves out a very specific niche around supply chain attacks, build pipeline compromise, and sideloaded dependencies. This is highly distinctive and unlikely to conflict with general security or malware analysis skills due to the specificity of the domain. | 3 / 3 |
| Total | | 11 / 12 (Passed) |
Implementation: 37%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides a solid executable Python script for PE binary comparison but is fundamentally incomplete—it promises a supply chain analysis workflow but delivers only one step. The overview is verbose with statistics and historical context Claude doesn't need, and the workflow lacks validation checkpoints and error recovery loops critical for forensic investigation procedures.
Suggestions
Complete the workflow with concrete steps for build pipeline analysis, dependency sideloading detection, code signing verification (e.g., sigcheck/codesign commands), and package repository monitoring—or explicitly scope the skill to binary comparison only.
Add explicit validation checkpoints between steps, such as verifying binary diff results before proceeding to code signing analysis, and include feedback loops for when anomalies are found.
Remove the verbose overview statistics and historical context (SolarWinds customer counts, breach percentages) that Claude already knows, and trim the generic 'When to Use' section.
Convert the 'Validation Criteria' bullet list into actionable verification steps with specific commands or checks to perform at each stage.
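As an added illustration of the checkpoint these suggestions ask for (example code written for this review, not part of the reviewed skill, the skill's own PE comparison script, or Tessl), the block below hashes each section of a known-good and a suspect PE build, then gates on the result before the investigator moves on to signature checks. The PE fixtures, the section names treated as code, and the severity labels are this example's own assumptions; the fixtures are constructed byte strings, not real samples, and the PE parsing covers only the headers needed for a section-level diff.

```python
"""Gated binary-comparison checkpoint: per-section hashing of a known-good
and a suspect PE build, then an explicit decision before moving on to
code-signing analysis.  Fixtures below are constructed, not real samples."""
import hashlib
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
CODE_SECTIONS = {".text", ".code"}   # assumption: where executable code lives


def parse_pe_sections(data: bytes) -> dict[str, bytes]:
    """Walk the DOS header, PE signature and COFF section table by hand and
    return {section_name: raw section bytes}.  Refuses non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_header_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_header_size          # COFF header is 20 bytes
    sections = {}
    for i in range(num_sections):
        hdr = table + i * 40                     # each section header is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections[name] = data[raw_ptr:raw_ptr + raw_size]
    return sections


def diff_sections(known_good: bytes, suspect: bytes) -> dict[str, tuple]:
    """Checkpoint 1: SHA-256 every section of both images and return only the
    sections that changed, appeared or disappeared, as {name: (good, suspect)}
    with None standing in for a missing section."""
    good = parse_pe_sections(known_good)
    bad = parse_pe_sections(suspect)
    changed = {}
    for name in sorted(set(good) | set(bad)):
        h_good = hashlib.sha256(good[name]).hexdigest() if name in good else None
        h_bad = hashlib.sha256(bad[name]).hexdigest() if name in bad else None
        if h_good != h_bad:
            changed[name] = (h_good, h_bad)
    return changed


def triage(changed: dict[str, tuple]) -> tuple[str, str]:
    """Checkpoint gate: turn the diff into (severity, next action) so the
    investigator does not drift into signature analysis without a reason.
    A valid Authenticode/codesign signature does not clear a build-pipeline
    compromise (the signed binary is the artifact), so code changes still
    get disassembled even when the signature verifies."""
    if not changed:
        return ("none", "sections identical; confirm the whole-file hash against the vendor manifest, then stop")
    added = [n for n, (h_good, _) in changed.items() if h_good is None]
    if added:
        return ("high", f"new section(s) {added}: treat as injected payload or packer stub; carve and analyse before trusting any signature")
    if CODE_SECTIONS & set(changed):
        return ("high", "executable code changed: verify the signature (sigcheck / codesign) and diff the .text disassembly")
    return ("low", "only non-code sections changed: compare version resources and metadata against the vendor release notes")


def build_minimal_pe(sections: dict[str, bytes]) -> bytes:
    """Constructed fixture: a minimal, non-runnable PE layout (no optional
    header) that is just enough for parse_pe_sections()."""
    header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40) + b"PE\0\0"
    header += struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(sections), 0, 0, 0, 0, 0)
    data_off = len(header) + 40 * len(sections)
    table, blobs = b"", b""
    for name, blob in sections.items():
        table += (name.encode("ascii").ljust(8, b"\0")
                  + struct.pack("<IIII", len(blob), 0x1000, len(blob), data_off + len(blobs))
                  + b"\0" * 16)
        blobs += blob
    return header + table + blobs


# Constructed samples: a reference build, a benign vendor patch touching only
# resources, and a trojanised build with replaced code and an extra section.
KNOWN_GOOD = build_minimal_pe({".text": b"\x55\x48\x89\xe5" * 8, ".rsrc": b"FileVersion 1.0.0"})
VENDOR_PATCH = build_minimal_pe({".text": b"\x55\x48\x89\xe5" * 8, ".rsrc": b"FileVersion 1.0.1"})
TROJANIZED = build_minimal_pe({".text": b"\xcc" * 32, ".rsrc": b"FileVersion 1.0.0", ".stub": b"\x90" * 16})


def run_checkpoint(known_good: bytes, suspect: bytes) -> tuple[str, str, list[str]]:
    """Full step: diff, gate, and report which sections drove the decision."""
    changed = diff_sections(known_good, suspect)
    severity, action = triage(changed)
    return severity, action, list(changed)


if __name__ == "__main__":
    for label, sample in (("vendor patch", VENDOR_PATCH), ("trojanised", TROJANIZED)):
        severity, action, names = run_checkpoint(KNOWN_GOOD, sample)
        print(f"{label}: {severity} {names} -> {action}")
```

The point of `triage()` is the one the suggestions make: the diff result decides whether signature verification is even the right next step, and the "added section" branch deliberately outranks a signature check because a freshly appended section is the shape a packer stub or injected payload usually takes.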
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The overview contains unnecessary statistics and historical context (e.g., '30% of all breaches', 'a 100% increase from prior years', detailed SolarWinds/3CX descriptions) that Claude already knows. The 'When to Use' section is generic and adds little value. However, the code itself is reasonably focused. | 2 / 3 |
| Actionability | The binary comparison script is executable and concrete, but the workflow only covers Step 1 of what should be a multi-step process. There are no concrete steps for build pipeline analysis, dependency sideloading detection, code signing verification commands, or package repository monitoring, all of which are mentioned in prerequisites but never addressed with actionable guidance. | 2 / 3 |
| Workflow Clarity | Only 'Step 1' is provided with no subsequent steps, making this an incomplete workflow for a complex multi-step investigation. There are no validation checkpoints, no feedback loops for error recovery, and the 'Validation Criteria' section is just a checklist of outcomes with no instructions on how to verify them. For a destructive/forensic investigation context, this is insufficient. | 1 / 3 |
| Progressive Disclosure | The content has some structure with sections (Overview, Prerequisites, Workflow, Validation, References), and external references are provided. However, the single step contains a large inline code block that could be referenced externally, and there is no signposting to additional detailed guides for the missing workflow steps (build pipeline analysis, dependency analysis, etc.). | 2 / 3 |
| Total | | 7 / 12 (Passed) |
Validation: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation: 10 / 11 passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 (Passed) |
888bbe4