analyzing-supply-chain-malware-artifacts
Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.
48
52%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-supply-chain-malware-artifacts/SKILL.mdQuality
Discovery
67%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is strong in specificity and distinctiveness, clearly carving out a niche around supply chain attack investigation with concrete artifact types. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The trigger terms are domain-appropriate but lean technical, potentially missing how users naturally describe these scenarios.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when investigating suspected supply chain compromises, trojanized updates, or malicious dependencies in build systems.'
Include more natural user-facing trigger terms such as 'dependency poisoning', 'compromised package', 'third-party software compromise', or 'upstream attack' to improve keyword coverage.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: investigating trojanized software updates, compromised build pipelines, sideloaded dependencies, identifying intrusion vectors, and scoping compromise. | 3 / 3 |
Completeness | Clearly answers 'what does this do' with specific investigation activities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance, which caps this at 2 per the rubric guidelines. | 2 / 3 |
Trigger Term Quality | Includes relevant domain terms like 'supply chain attack', 'trojanized software updates', 'build pipelines', 'sideloaded dependencies', but these are somewhat technical. Missing more common user-facing terms like 'SolarWinds-style attack', 'dependency poisoning', 'package compromise', or 'third-party software compromise'. | 2 / 3 |
Distinctiveness Conflict Risk | Supply chain attack investigation is a clearly defined niche. The specific mention of trojanized updates, build pipelines, and sideloaded dependencies makes this highly distinguishable from general malware analysis or incident response skills. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
37%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides a solid starting point with executable Python code for PE binary comparison, but it is fundamentally incomplete — only Step 1 of a multi-step supply chain investigation workflow is present. The overview and validation criteria promise comprehensive coverage (build pipeline analysis, dependency sideloading, code signing verification, timeline reconstruction) that the body never delivers. The introductory sections contain unnecessary verbosity with statistics and historical context that don't aid task execution.
Suggestions
Add the missing workflow steps (Steps 2-5+) covering build artifact analysis, dependency verification, code signing validation, and IOC extraction — each with concrete commands or executable code.
Add explicit validation checkpoints between steps (e.g., 'Verify binary diff results before proceeding to build pipeline analysis') and error recovery guidance for common failure modes.
Remove or drastically shorten the overview statistics and historical examples (SolarWinds customer count, breach percentages) — these don't help Claude perform the analysis.
Convert the 'Validation Criteria' bullet list into actionable verification steps with specific commands or checks that confirm each criterion is met.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The overview paragraph contains unnecessary statistics and historical context (e.g., '18,000+ customers', '30% of all breaches') that don't help Claude perform the task. The 'When to Use' section restates obvious applicability. However, the code and workflow sections are reasonably focused. | 2 / 3 |
Actionability | Step 1 provides executable Python code for binary comparison, which is good. However, the workflow only covers Step 1 — there are no subsequent steps for build pipeline analysis, dependency sideloading, code signing verification, or IOC extraction despite these being mentioned in the overview and validation criteria. The skill promises much more than it delivers. | 2 / 3 |
Workflow Clarity | Only 'Step 1' exists with no subsequent steps, making this an incomplete workflow for a complex multi-step investigation. There are no validation checkpoints, no feedback loops for error recovery, and no sequencing between binary comparison, build artifact analysis, and downstream impact assessment. The 'Validation Criteria' section is a checklist of outcomes, not actionable verification steps. | 1 / 3 |
Progressive Disclosure | The content has some structural organization with headers (Overview, Prerequisites, Workflow, Validation, References), and external references are provided. However, there are no bundle files to offload detailed content, and the single-step workflow with a large inline code block suggests content that could benefit from better splitting. The references section is well-organized. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
0f429d0
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.