CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-typosquatting-domains-with-dnstwist

Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.

57

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with executable code and a clear sequenced workflow, but it is padded with concept restatements and large inline scripts while failing to reference its own bundle files or include validation feedback loops for its batch operations.

Suggestions

Reference the existing bundle files from the body (e.g., 'See references/api-reference.md for the full dnstwist CLI flags and output fields') and move the large inline scripts toward scripts/agent.py to reduce duplication.

Add explicit validation checkpoints inside the workflow (e.g., verify scan JSON parsed correctly, confirm known-domains registry integrity before/after writes) with fix-and-retry guidance for the batch monitoring pipeline.

Trim the Overview and Key Concepts prose that restates what dnstwist and fuzzy hashing do, keeping only what is non-obvious for executing the workflow.

DimensionReasoningScore

Conciseness

The body is mostly efficient with real executable code, but ~200 lines of inline Python plus prose restating concepts Claude already knows (permutation techniques, fuzzy hashing, the detection workflow) keep it from the lean score-3 anchor while remaining above the padded score-1 floor.

2 / 3

Actionability

Four workflow steps provide fully executable, copy-paste Python with specific dnstwist flags, concrete risk-scoring logic, and clear outputs, matching the fully-executable score-3 anchor rather than the pseudocode score-2 case.

3 / 3

Workflow Clarity

The four steps are clearly sequenced, but batch DNS scanning and mutation of a persisted known-domains registry lack embedded validate->fix->retry feedback loops, and the 'Validation Criteria' section only describes expected outcomes rather than acting as in-workflow checkpoints — the rubric caps such batch operations at 2.

2 / 3

Progressive Disclosure

Bundle files exist (references/api-reference.md, scripts/agent.py) but are never linked or signaled from the body, and ~200 lines of inlined code overlap the API reference that should be referenced one level deep — structurally present but not clearly signaled, matching the score-2 anchor.

2 / 3

Total

9

/

12

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, tool-anchored, and distinctive, clearly conveying what the skill does; its main weakness is the missing explicit 'Use when...' trigger guidance and slightly limited trigger-term coverage.

Suggestions

Add an explicit trigger clause, e.g. 'Use when monitoring for typosquatting, homograph phishing, or brand-impersonation domains targeting your organization.'

Broaden trigger terms to include common variations users would say, such as 'domain monitoring', 'lookalike domains', and 'phishing domain detection'.

DimensionReasoningScore

Specificity

Lists multiple concrete actions anchored to a named tool — 'generate domain permutations', 'identify registered lookalike domains', and detecting 'typosquatting, homograph phishing, and brand impersonation domains', matching the multiple-specific-actions anchor rather than the narrower score-2 example.

3 / 3

Completeness

Clearly answers 'what' the skill does, but provides no explicit 'Use when...' trigger clause, which the guidelines state should cap completeness at 2 rather than the score-3 what-and-when anchor.

2 / 3

Trigger Term Quality

Includes natural, user-sayable terms like 'typosquatting', 'phishing', 'brand impersonation', and 'lookalike domains', but lacks common variations such as 'domain monitoring' or 'phishing domains' that the score-3 anchor expects.

2 / 3

Distinctiveness Conflict Risk

Occupies a clear niche — typosquatting/homograph detection via dnstwist — with distinct triggers unlikely to overlap with other skills, matching the clear-niche anchor rather than the score-2 'somewhat specific but could overlap' case.

3 / 3

Total

10

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.