
auditing-tls-certificate-transparency-logs

Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.

51

Quality: 56% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Advisory (Suggest reviewing before use)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/auditing-tls-certificate-transparency-logs/SKILL.md

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that clearly articulates specific capabilities, includes natural trigger terms that security professionals would use, explicitly states both what the skill does and when to activate it, and occupies a distinct niche. It uses proper third-person voice throughout and avoids vague language or buzzwords.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: monitoring CT logs, detecting unauthorized certificate issuance, discovering subdomains via CT data, alerting on suspicious certificate activity, querying crt.sh API, direct CT log querying based on RFC 6962, building continuous monitoring pipelines, tracking CA behavior, and mapping external attack surface. | 3 / 3 |
| Completeness | Clearly answers both 'what' (monitors CT logs, detects unauthorized certificates, discovers subdomains, alerts on suspicious activity) and 'when' with an explicit activation clause: 'Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.' | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'certificate transparency', 'CT logs', 'subdomain discovery', 'certificate issuance', 'crt.sh', 'CT log auditing', 'rogue certificates', 'attack surface'. These cover the domain well and match how security professionals would phrase requests. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche focused specifically on Certificate Transparency logs and related monitoring. The specific mentions of CT logs, crt.sh API, RFC 6962, and certificate issuance alerting make it very unlikely to conflict with other skills like general network security or DNS tools. | 3 / 3 |
| Total | | 12 / 12 (Passed) |

Implementation

12%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a comprehensive wiki article or training document on Certificate Transparency monitoring than an actionable skill for Claude. Its greatest weakness is the complete absence of executable code despite listing Python libraries as prerequisites, making it purely descriptive rather than instructional. The content is also far too verbose, explaining well-known concepts and including extensive glossary definitions that waste context window tokens.

Suggestions

Replace prose descriptions with executable Python code: provide a complete crt.sh query script, SQLite schema creation, and a monitoring loop with alerting — these should be copy-paste ready

Remove the Key Concepts glossary table entirely — Claude already knows what Merkle trees, SCTs, and CAA records are

Split the detailed scenarios, tools list, and output format into separate bundle files (e.g., SCENARIOS.md, TOOLS.md) and reference them from the main skill with one-line descriptions

Add explicit validation checkpoints: verify API connectivity before starting, validate baseline completeness, test alert delivery before relying on the pipeline

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is extremely verbose at ~300+ lines. It explains concepts Claude already knows (X.509 structure, Merkle trees, what CT is, what CAA records are), includes an extensive glossary table, and provides lengthy narrative descriptions where concise bullet points or code would suffice. The 'Key Concepts' table and 'Prerequisites' section explaining basic understanding requirements are unnecessary padding. | 1 / 3 |
| Actionability | Despite the length, there is zero executable code anywhere in the skill. No Python scripts for querying crt.sh, no SQLite schema, no actual monitoring script, no alert configuration code. Everything is described in prose ('Query the crt.sh JSON API', 'Store in SQLite database') rather than provided as copy-paste ready implementations. The prerequisites mention Python libraries but no code uses them. | 1 / 3 |
| Workflow Clarity | The 5-step workflow is logically sequenced and covers the full monitoring pipeline from baseline through alerting and reporting. However, it lacks explicit validation checkpoints and feedback loops — there's no 'verify your baseline is complete before proceeding' step, no error handling guidance for failed API calls, and no validation that the monitoring pipeline is working correctly before relying on it. | 2 / 3 |
| Progressive Disclosure | The content is a monolithic wall of text with no bundle files and no references to external documents. All content — concepts, workflows, scenarios, glossary, tools — is inlined into a single massive file. The Key Concepts table, Tools & Systems section, and detailed scenarios could all be split into separate reference files, with the main skill providing a concise overview and links. | 1 / 3 |
| Total | | 5 / 12 (Passed) |

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 (Passed) |

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed
