
analyzing-typosquatting-domains-with-dnstwist

Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.

55

Quality: 62% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/analyzing-typosquatting-domains-with-dnstwist/SKILL.md

Quality

Discovery

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description with excellent specificity and domain-relevant trigger terms that security professionals would naturally use. Its main weakness is the lack of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill. The description is concise, uses third person voice correctly, and occupies a clear niche.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about domain squatting, phishing domain detection, brand protection, or wants to run dnstwist against a domain.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'detect typosquatting, homograph phishing, and brand impersonation domains', 'generate domain permutations', and 'identify registered lookalike domains'. These are clear, actionable capabilities. | 3 / 3 |
| Completeness | The 'what' is well-covered (detect typosquatting, generate permutations, identify lookalike domains), but there is no explicit 'Use when...' clause or equivalent trigger guidance. The when is only implied through the description of capabilities. | 2 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'typosquatting', 'homograph phishing', 'brand impersonation', 'lookalike domains', 'dnstwist', 'domain permutations'. These are the exact terms a security professional would use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche — domain security analysis using dnstwist is very specific and unlikely to conflict with other skills. The combination of typosquatting, homograph attacks, and the specific tool (dnstwist) creates a clear, unique identity. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Implementation

42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides highly actionable, executable Python code for typosquatting domain analysis, which is its primary strength. However, it is significantly over-verbose with unnecessary conceptual explanations (Key Concepts, When to Use sections), lacks integrated validation checkpoints between workflow steps, and dumps all content into a single monolithic file rather than using progressive disclosure to separate the core workflow from advanced features like continuous monitoring and takedown reporting.

Suggestions

Remove the 'Key Concepts' section entirely - Claude already understands DNS, fuzzy hashing, and permutation techniques. Move any truly novel information (like the ssdeep/pHash distinction) into inline comments in the code.

Remove or drastically shorten the 'When to Use' section - it's generic filler that doesn't add actionable value.

Add explicit validation checkpoints between steps, e.g., 'Verify results contain dns_a entries before proceeding to analysis' and error handling guidance for common failures (timeouts, empty results).

Split the monitoring pipeline (Step 3) and export/takedown (Step 4) into separate referenced files, keeping SKILL.md focused on the core scan-and-analyze workflow.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is excessively verbose. The 'Key Concepts' section explains things Claude already knows (what fuzzy hashing is, what permutation techniques are, what the detection workflow looks like). The 'When to Use' section is generic filler. The 'Prerequisites' section includes 'Understanding of DNS record types' which is unnecessary for Claude. The code examples, while functional, are much longer than needed with extensive print statements and comments explaining obvious things. | 1 / 3 |
| Actionability | The skill provides fully executable Python code across all four steps - from running dnstwist scans to analyzing results, continuous monitoring, and generating blocklists/takedown reports. The code is copy-paste ready with concrete commands, specific flags, and complete function implementations. | 3 / 3 |
| Workflow Clarity | The four steps are clearly sequenced and logically ordered (scan → analyze → monitor → export). However, there are no explicit validation checkpoints between steps - the 'Validation Criteria' section is a passive checklist at the end rather than integrated verification steps. There's no error recovery guidance (e.g., what to do if dnstwist times out, if DNS resolution fails, or if results seem incomplete). | 2 / 3 |
| Progressive Disclosure | The skill is a monolithic wall of content with no bundle files to offload detail into. The extensive code for monitoring pipelines, blocklist generation, and takedown reports could be split into separate reference files. Everything is inline in a single long document with no clear navigation structure beyond sequential steps. | 1 / 3 |
| Total | | 7 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 |

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed
