Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.
Quality: 52%
Does it follow best practices?
Impact: No eval scenarios have been run
Advisory: Suggest reviewing before use
Optimize this skill with Tessl:
npx tessl skill review --optimize ./skills/analyzing-supply-chain-malware-artifacts/SKILL.md
Quality
Discovery: 67%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is strong in specificity and distinctiveness, clearly carving out a niche around supply chain attack investigation with concrete actions listed. However, it lacks an explicit 'Use when...' clause, which is critical for Claude to know when to select this skill, and could benefit from additional natural trigger terms that users might employ when requesting this type of analysis.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user mentions supply chain attacks, compromised dependencies, suspicious build artifacts, or third-party software compromise.'
Include additional natural trigger terms users might say, such as 'dependency confusion', 'package compromise', 'third-party software risk', 'compromised npm/pip/maven package', or 'software supply chain security'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: investigating trojanized software updates, compromised build pipelines, sideloaded dependencies, identifying intrusion vectors, and scoping compromise. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' with specific investigation activities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance, which caps this dimension at 2 per the rubric guidelines. | 2 / 3 |
| Trigger Term Quality | Contains relevant domain-specific terms like 'supply chain attack', 'trojanized software updates', 'build pipelines', 'sideloaded dependencies', but misses common user-facing variations like 'SolarWinds-style attack', 'dependency confusion', 'package compromise', 'third-party compromise', or 'software supply chain'. | 2 / 3 |
| Distinctiveness / Conflict Risk | The focus on supply chain attack artifacts is a clear, distinct niche that is unlikely to conflict with general malware analysis, incident response, or other security skills due to the specific mention of build pipelines, sideloaded dependencies, and trojanized updates. | 3 / 3 |
| Total | | 10 / 12 Passed |
Implementation: 37%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides a solid executable script for PE binary comparison but is fundamentally incomplete—it promises a supply chain malware analysis workflow but only delivers Step 1. The overview is padded with statistics and historical context that don't aid task execution, and the validation criteria describe desired outcomes without actionable verification steps. The skill needs significant expansion to cover the full investigation workflow it describes.
Suggestions
Complete the workflow by adding Steps 2-5 covering build pipeline analysis, dependency/package verification, code signing validation, and downstream impact scoping with executable code for each.
Add explicit validation checkpoints between steps (e.g., 'Verify binary diff results before proceeding to build artifact analysis') and error recovery guidance for common failure modes.
Remove or drastically shorten the overview statistics and 'When to Use' section—replace with a brief one-line purpose statement that respects Claude's existing knowledge of supply chain attacks.
Convert the 'Validation Criteria' bullet list into actionable verification commands or scripts that Claude can actually execute to confirm analysis completeness.
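As an illustration of the kind of executable step the suggestions above ask for (a dependency/package verification step with a validation checkpoint in front of the next step), here is an added example written for this review; it is not code from the skill under review or from Tessl. It checks the packages recorded in an npm package-lock.json (lockfileVersion 2/3 `packages` map) against tarball bytes already collected from the build host: each entry's SRI `integrity` value is recomputed, a `resolved` URL outside the assumed trusted registry host is flagged as a sideloaded dependency, and legacy `sha1` integrity strings are flagged as too weak to prove anything. The trusted host set, the package names and the tarball contents are constructed sample data, not real packages.

```python
import base64
import hashlib
import json
from urllib.parse import urlparse

# Hosts a dependency tarball is expected to come from; anything else is treated
# as a sideloaded dependency. Assumption for this example; adjust per project.
TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}
STRONG_SRI_ALGORITHMS = {"sha256", "sha384", "sha512"}


def sri_digest(data: bytes, algo: str) -> str:
    """Compute a Subresource Integrity string ('sha512-<base64>') over data."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def check_lockfile(lock: dict, tarballs: dict) -> list:
    """Compare every lockfile entry with the tarball bytes collected for it.
    Returns one finding dict per problem; an empty list means the step is clean."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "" or entry.get("link"):
            continue  # root project or workspace symlink: no tarball to verify
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = entry.get("resolved")
        integrity = entry.get("integrity")
        if not resolved or not integrity:
            findings.append({"package": name, "issue": "missing-resolved-or-integrity"})
            continue
        if urlparse(resolved).hostname not in TRUSTED_REGISTRY_HOSTS:
            findings.append({"package": name, "issue": "untrusted-source", "resolved": resolved})
        algo, _, _ = integrity.partition("-")
        if algo not in STRONG_SRI_ALGORITHMS:
            # sha1 integrity strings from old lockfiles do not prove authenticity
            findings.append({"package": name, "issue": "weak-integrity-algorithm", "algo": algo})
            continue
        data = tarballs.get(name)
        if data is None:
            findings.append({"package": name, "issue": "tarball-missing"})
            continue
        if sri_digest(data, algo) != integrity:
            findings.append({"package": name, "issue": "integrity-mismatch"})
    return findings


def checkpoint_passed(findings: list) -> bool:
    """Validation checkpoint: proceed to build-artifact analysis only if clean."""
    return not findings


def run_example() -> list:
    # Constructed sample data: these bytes are stand-ins, not real package tarballs.
    good = b"left-pad-1.3.0 contents"
    original_lodash = b"lodash-4.17.21 contents"
    tampered_lodash = b"lodash-4.17.21 contents + injected postinstall"
    sideloaded = b"internal-utils-1.0.0 contents"
    lock = {
        "lockfileVersion": 3,
        "packages": {
            "": {"name": "demo-app"},
            "node_modules/left-pad": {
                "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
                "integrity": sri_digest(good, "sha512"),
            },
            "node_modules/lodash": {
                "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
                "integrity": sri_digest(original_lodash, "sha512"),
            },
            "node_modules/internal-utils": {
                "resolved": "https://mirror.example.net/internal-utils-1.0.0.tgz",
                "integrity": sri_digest(sideloaded, "sha512"),
            },
            "node_modules/old-dep": {
                "resolved": "https://registry.npmjs.org/old-dep/-/old-dep-0.1.0.tgz",
                "integrity": sri_digest(b"old-dep-0.1.0 contents", "sha1"),
            },
        },
    }
    tarballs = {
        "left-pad": good,
        "lodash": tampered_lodash,      # differs from what the lockfile recorded
        "internal-utils": sideloaded,
        "old-dep": b"old-dep-0.1.0 contents",
    }
    return check_lockfile(lock, tarballs)


if __name__ == "__main__":
    result = run_example()
    for finding in result:
        print(json.dumps(finding))
    print("checkpoint passed:", checkpoint_passed(result))
```

On the constructed sample the run flags lodash (recorded hash no longer matches the bytes on disk), internal-utils (resolved from a host that is not the trusted registry) and old-dep (sha1 integrity), while left-pad is clean, so `checkpoint_passed` returns False and the workflow should stop here rather than continue to the next step with an unverified dependency set.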
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The overview paragraph contains unnecessary statistics and historical context (e.g., '18,000+ customers', '30% of all breaches') that don't help Claude perform the task. The 'When to Use' section restates obvious information. However, the code and workflow sections are reasonably efficient. | 2 / 3 |
| Actionability | The binary comparison script is executable and concrete, but the skill only covers Step 1 of what should be a multi-step workflow. There's no code for build pipeline analysis, dependency sideloading detection, code signing verification, or package repository monitoring despite these being listed in prerequisites. The validation criteria are a checklist of outcomes, not actionable steps. | 2 / 3 |
| Workflow Clarity | Only 'Step 1' is provided with no subsequent steps, making this an incomplete workflow for a complex multi-step investigation. There are no validation checkpoints, no feedback loops for error recovery, and no sequencing between binary comparison, build artifact analysis, and downstream impact assessment. The 'Validation Criteria' section lists desired outcomes but not how to verify them. | 1 / 3 |
| Progressive Disclosure | The content has some structure with clear sections (Overview, Prerequisites, Workflow, Validation, References), and external references are provided. However, there are no bundle files to offload the detailed content that's missing (e.g., build pipeline analysis, dependency analysis), and the single-file approach results in an incomplete skill rather than a well-organized one. | 2 / 3 |
| Total | | 7 / 12 Passed |
Validation: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |