CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-threat-actor-ttps-with-mitre-attack

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. This skill covers systematically mapping threat actor beh

58

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with executable code and a clear sequenced workflow, but it is somewhat verbose in its concept explanations and fails to route detail into the available bundle reference files.

Suggestions

Trim the 'Key Concepts' section to the non-obvious operational specifics (group IDs, layer schema) and drop explanations of what Tactics/Techniques and the Navigator are.

Move the detailed API usage and Navigator layer schema into references/api-reference.md and workflows.md, and add clearly signaled one-level links from SKILL.md to those bundle files.

DimensionReasoningScore

Conciseness

The workflow code is lean and earns its place, but the 'Key Concepts' section explains what Tactics/Techniques/Sub-techniques, threat group profiles, and the Navigator are — concepts Claude already knows — so it is mostly efficient with some removable explanation.

2 / 3

Actionability

Five complete, executable Python blocks use the real attackcti API with concrete group IDs (G0016, G0007, G0032) and a fully-specified Navigator layer JSON — copy-paste ready and specific.

3 / 3

Workflow Clarity

A clearly sequenced 5-step workflow with verifiable output at each step and an explicit 'Validation Criteria' checklist; operations are read-only (no destructive/batch work), so the absence of inline fix-retry feedback loops is not penalized.

3 / 3

Progressive Disclosure

Sections are well organized, but the body holds all code inline and the 'References' section lists only external URLs — the provided bundle files (references/api-reference.md, standards.md, workflows.md; scripts/agent.py, process.py) are never signaled, so content that could be split out remains inline.

2 / 3

Total

10

/

12

Passed

Description

57%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description identifies a clear, distinct niche but is truncated mid-word and lacks any explicit 'Use when' trigger guidance, capping both completeness and specificity at 2.

Suggestions

Complete the truncated description (it ends at 'threat actor beh') and enumerate the concrete actions it performs, e.g. mapping behavior to ATT&CK, building Navigator heatmaps, and identifying detection gaps.

Add an explicit trigger clause such as 'Use when analyzing threat actor TTPs, mapping IOCs to MITRE ATT&CK techniques, or identifying detection coverage gaps.'

DimensionReasoningScore

Specificity

Names the domain ('MITRE ATT&CK', 'TTPs') and one action ('systematically mapping threat actor beh[avior]'), but the field is truncated mid-word so the action list is incomplete — not the multiple concrete actions needed for a 3.

2 / 3

Completeness

States a partial 'what' (mapping threat actor behavior) but is cut off mid-sentence and has no 'Use when...' trigger clause; per the guidelines a missing explicit trigger caps completeness at 2.

2 / 3

Trigger Term Quality

Contains relevant natural terms ('MITRE ATT&CK', 'TTPs', 'threat actor') a CTI analyst would say, but misses common variations (IOC, threat intel, detection gaps) and the truncation cuts off further keywords.

2 / 3

Distinctiveness Conflict Risk

The MITRE ATT&CK TTP-mapping niche is specific and unlikely to trigger for the wrong skill, matching the 'clear niche with distinct triggers' anchor.

3 / 3

Total

9

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.