CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-web-server-logs-for-intrusion

Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns. Uses regex-based pattern matching against OWASP attack signatures, GeoIP enrichment for source attribution, and statistical anomaly detection for request frequency and response size outliers.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

80%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is concise and highly actionable with executable commands and concrete detection patterns, but it lacks an explicit validation checkpoint in its workflow and fails to surface the bundled api-reference.md from the main body.

Suggestions

Add an explicit validation/verification step before producing the report, e.g. sanity-checking detection counts or confirming GeoIP lookups resolved.

Link the bundled references/api-reference.md from the body (e.g. 'See references/api-reference.md for the full log-format and attack-signature reference') so the existing reference is clearly signaled.

DimensionReasoningScore

Conciseness

Lean and efficient — short When-to-Use, Prerequisites, and a numbered instruction list with concrete patterns and an executable command, with no padding or explanation of concepts Claude already knows.

3 / 3

Actionability

Provides concrete executable guidance — 'pip install geoip2 user-agents', a copy-paste 'python scripts/agent.py' invocation, and specific detection regex patterns and log-format examples — making it ready to run.

3 / 3

Workflow Clarity

The steps are clearly sequenced, but there is no explicit validation or verification checkpoint before generating the findings report; checkpoints are only implicit, which for a batch detection operation caps workflow clarity at 2.

2 / 3

Progressive Disclosure

The body references scripts/agent.py (a real one-level-deep file) but the bundled references/api-reference.md is never linked or signaled from the body, so an existing reference is present but not clearly surfaced.

2 / 3

Total

10

/

12

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and well-targeted, naming concrete detection actions and methods, but it lacks an explicit 'Use when...' trigger clause and some common user-facing keywords, which caps trigger_term_quality and completeness at 2.

Suggestions

Add an explicit 'Use when...' clause, e.g. 'Use when analyzing Apache/Nginx access logs for intrusion indicators, web attacks, or suspicious request patterns.'

Include more natural trigger terms users would say, such as 'log analysis', 'intrusion detection', 'web attack detection', or 'suspicious requests'.

DimensionReasoningScore

Specificity

Lists multiple specific concrete actions and detection targets — 'SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns' — plus concrete methods (regex matching, GeoIP enrichment, anomaly detection).

3 / 3

Completeness

Clearly answers what the skill does but the 'when' is only implied by topic; there is no explicit 'Use when...' clause, which per the judging guidelines caps completeness at 2.

2 / 3

Trigger Term Quality

Contains relevant natural terms ('Apache and Nginx access logs', 'SQL injection', 'brute-force') but omits common variations a user might say such as 'log analysis' or 'intrusion detection', and lacks any explicit 'Use when...' trigger phrasing.

2 / 3

Distinctiveness Conflict Risk

Targets a clear niche (web server log intrusion detection) with distinct, specialized triggers that are unlikely to conflict with other skills.

3 / 3

Total

10

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.