CtrlK
BlogDocsLog inGet started
Tessl Logo

building-adversary-infrastructure-tracking-system

Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS data, and IP enrichment to map and monitor threat actor command-and-control networks.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with complete executable code and a clear step sequence, but it is padded with concept explanations Claude already knows and fails to link the provided bundle files. Tightening prose and wiring up the references would lift the weaker dimensions.

Suggestions

Replace the 'Key Concepts' prose with brief pointers to references/api-reference.md, removing explanations of passive DNS and pivoting that Claude already knows.

Link the bundle files in the body (e.g. 'See references/api-reference.md for endpoint details and scripts/agent.py for a complete runnable agent') instead of duplicating their content inline.

Add explicit validation checkpoints to the workflow (e.g. verify API responses and non-empty graphs before pivoting, retry on rate limits) to create a validate->fix->retry feedback loop.

DimensionReasoningScore

Conciseness

The body is mostly efficient with three tight code blocks, but the 'Key Concepts' section explains passive DNS and pivoting (concepts Claude already knows) and the 'When to Use' section is generic boilerplate that could be trimmed.

2 / 3

Actionability

Provides three complete, executable Python classes (InfrastructureTracker, InfrastructureGraph, InfrastructureMonitor) hitting real SecurityTrails endpoints with concrete parameters, near copy-paste ready.

3 / 3

Workflow Clarity

The three steps are clearly sequenced and a Validation Criteria section exists, but there is no validate->fix->retry feedback loop embedded in this batch API-query workflow, leaving checkpoints implicit.

2 / 3

Progressive Disclosure

Bundle files references/api-reference.md and scripts/agent.py exist but are never referenced from the body, and large inline code partly duplicates that bundle content, so structure is present but not well signaled or split.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and distinct with strong natural trigger terms, but it omits an explicit 'Use when...' trigger clause, leaving the 'when' dimension only implied. Adding a usage trigger would raise completeness to a full score.

Suggestions

Append an explicit trigger clause, e.g. 'Use when investigating threat actor command-and-control infrastructure, pivoting across passive DNS/WHOIS/certificate data, or monitoring for newly registered adversary domains.'

DimensionReasoningScore

Specificity

Lists multiple concrete actions ("track", "map", "monitor") and specific data sources ("passive DNS, certificate transparency, WHOIS data, and IP enrichment") targeting threat actor C2 networks, matching the multi-action anchor.

3 / 3

Completeness

It clearly answers "what" the skill does but provides no explicit "when" trigger (no "Use when..." clause), which caps completeness at 2 per the judging guidelines.

2 / 3

Trigger Term Quality

Includes natural analyst keywords a user would say ("passive DNS", "certificate transparency", "WHOIS", "threat actor", "command-and-control"), giving good coverage of domain terms.

3 / 3

Distinctiveness Conflict Risk

The adversary-infrastructure/C2-tracking niche is specific and distinct, making it unlikely to trigger for the wrong skill.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.