CtrlK
BlogDocsLog inGet started
Tessl Logo

auditing-tls-certificate-transparency-logs

Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with concrete endpoints, commands, and examples, and is well-sequenced across five clear steps. It loses points for re-explaining concepts Claude already knows, missing validation feedback loops for batch monitoring operations, and not pointing to the existing bundle files.

Suggestions

Replace or trim the 'Key Concepts' table to only CT-specific operational details Claude would not already know (e.g., the crt.sh PostgreSQL interface and OID 1.3.6.1.4.1.11129.2.4.3), removing generic explanations of Merkle trees and RFC 6962.

Add explicit validation/retry checkpoints to the continuous-monitoring workflow -- e.g., verify baseline consistency after each poll, validate new-cert parsing, and a validate->fix->retry loop on HTTP 429 rate-limit responses.

Signal the bundled files from the body: add a 'Tooling' pointer to 'scripts/agent.py' and link to 'references/api-reference.md' for the CLI arguments, alert types, and database schema so the overview stays lean.

DimensionReasoningScore

Conciseness

Mostly efficient and actionable, but the 'Key Concepts' table re-explains concepts Claude already knows (Merkle Tree, RFC 6962, MMD, precertificate OID) and the ~170-line body could be tightened without losing clarity.

2 / 3

Actionability

Provides concrete, executable guidance throughout: real crt.sh API endpoints ('https://crt.sh/?q=%.example.com&output=json'), SQLite schema columns, alert thresholds, CAA record syntax, and an example report -- copy-paste ready and specific.

3 / 3

Workflow Clarity

The five-step sequence is clearly laid out, but continuous monitoring and baseline-database operations are batch/risky with no explicit validate->fix->retry checkpoints or feedback loops, which caps workflow clarity at 2 per the rubric.

2 / 3

Progressive Disclosure

Sections are well-organized, but the body never signals the bundled 'scripts/agent.py' or 'references/api-reference.md' files, and large inline blocks (full Key Concepts table, complete output-format template) that could live in references are kept in the overview.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, trigger-rich, and complete with an explicit activation clause distinguishing what it does and when to use it. It uses proper third-person voice and avoids fluff, making it a strong, low-conflict description.

DimensionReasoningScore

Specificity

Lists multiple concrete actions -- 'detect unauthorized certificate issuance', 'discover subdomains via CT data', 'alert on suspicious certificate activity', 'build continuous monitoring pipelines' -- rather than vague language.

3 / 3

Completeness

Explicitly answers both 'what' (the monitoring/building actions) and 'when' via the explicit trigger clause 'Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.'

3 / 3

Trigger Term Quality

Good coverage of natural terms a user would say: 'certificate transparency monitoring', 'CT log auditing', 'subdomain discovery via certificates', and 'certificate issuance alerting'.

3 / 3

Distinctiveness Conflict Risk

Occupies a clear niche (CT log auditing/crt.sh/RFC 6962) with distinct, specific triggers unlikely to fire for unrelated skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.