CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-tls-certificate-transparency-logs

Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate issuance, and shadow IT. Monitors newly issued certificates for typosquatting and brand impersonation using Levenshtein distance. Use for proactive phishing domain detection and certificate monitoring.

63

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A concise, readable overview with executable starter code, but it stays at surface level: the analysis steps lack concrete code and the existing reference/script bundle is never referenced from the body. Signaling the bundle and tightening the workflow with validation would lift it.

Suggestions

Reference the bundle from the body, e.g. add '## API reference: See [references/api-reference.md](references/api-reference.md)' and 'Run `python scripts/agent.py --domain example.com --action full_scan`' so the richer material is discoverable.

Make the numbered analysis steps actionable — give the Levenshtein-distance threshold and a runnable check, or point to the corresponding functions in scripts/agent.py (detect_typosquatting, detect_unauthorized_cas).

Add a validation step to the workflow, such as verifying crt.sh returned results and sanity-checking flagged typosquatting hits before reporting, to introduce a feedback loop.

DimensionReasoningScore

Conciseness

The body is lean, assumes competence, and avoids explaining what CT logs or pycrtsh are; every line is a working snippet or a numbered analysis step with no padding.

3 / 3

Actionability

It provides real executable pycrtsh snippets, but the numbered steps ('Identify certificates with typosquatting variations', 'Cross-reference with known phishing infrastructure') describe analysis without giving the runnable code or thresholds needed to actually perform them.

2 / 3

Workflow Clarity

The five numbered steps give a sequence, but there are no validation checkpoints or feedback loops, and the bundled scripts/agent.py that performs the real work is never invoked or surfaced in the workflow.

2 / 3

Progressive Disclosure

Sections are organized and reference/scripts bundle files exist, but the body never signals or links to references/api-reference.md or scripts/agent.py, so the richer material is not navigable from the overview.

2 / 3

Total

9

/

12

Passed

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, complete, and distinct, with explicit 'Use for' trigger guidance. Its only weakness is trigger-term variety, relying on a few technical terms rather than a broad spread of natural phrasings a user might say.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'detect phishing domains, unauthorized certificate issuance, and shadow IT' and 'Monitors newly issued certificates for typosquatting and brand impersonation using Levenshtein distance' — matching the anchor for listing several specific concrete actions.

3 / 3

Completeness

Explicitly answers both what it does (queries CT logs to detect phishing/unauthorized issuance/shadow IT) and when to use it via the explicit 'Use for proactive phishing domain detection and certificate monitoring' trigger clause.

3 / 3

Trigger Term Quality

Includes relevant terms like 'phishing domains', 'typosquatting', and 'certificate monitoring', but lacks common phrasings a user would naturally say such as 'SSL certs', 'fake domains', or 'lookalike domains', so coverage is partial.

2 / 3

Distinctiveness Conflict Risk

Occupies a clear, narrow niche (CT log / crt.sh phishing detection) with distinct triggers unlikely to overlap with other skills, matching the clear-niche anchor.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.