building-c2-infrastructure-with-sliver-framework
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
50
55%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/building-c2-infrastructure-with-sliver-framework/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and distinctiveness, naming concrete tools (Sliver C2, BishopFox) and specific infrastructure components (redirectors, HTTPS listeners, multi-operator support). Its main weakness is the lack of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill. The domain-specific terminology serves as effective natural trigger terms for the target audience.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about setting up Sliver C2, building C2 infrastructure, configuring redirectors, or preparing for red team operations.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Build and configure', 'redirectors', 'HTTPS listeners', 'multi-operator support'. These are concrete, actionable capabilities within a well-defined domain. | 3 / 3 |
Completeness | The 'what' is well-covered (build/configure Sliver C2 with redirectors, HTTPS listeners, multi-operator support), but there is no explicit 'Use when...' clause. The phrase 'for authorized red team engagements' hints at context but doesn't serve as an explicit trigger guidance, capping this at 2 per the rubric. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords a red teamer would use: 'Sliver C2', 'command-and-control', 'C2 framework', 'redirectors', 'HTTPS listeners', 'red team', 'BishopFox'. These are terms practitioners naturally use when seeking this capability. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific tool name (BishopFox's Sliver C2), specific infrastructure components (redirectors, HTTPS listeners), and specific use case (red team engagements). Very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
27%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a comprehensive tutorial or blog post than a concise, actionable skill file for Claude. It contains significant boilerplate (generic 'When to Use', prerequisites, MITRE mappings, detection signatures) that wastes tokens without adding operational value. The core workflow commands are reasonably concrete but lack integrated validation steps and could be much more tightly structured with supporting bundle files.
Suggestions
Remove or drastically reduce the Overview, When to Use, Prerequisites, MITRE ATT&CK Mapping, and Detection Signatures sections — these are reference material Claude already knows or that belong in separate bundle files.
Add explicit validation checkpoints within the workflow (e.g., 'Verify listener is active: `jobs` should show the HTTPS listener before proceeding to implant generation').
Split the Tools/Resources table, Detection Signatures, and Post-Exploitation reference commands into separate bundle files (e.g., REFERENCE.md, POST_EXPLOITATION.md) and link to them from the main skill.
Flesh out the domain fronting setup (Phase 3, step 4) with concrete Cloudflare configuration steps or remove it — a vague 'optionally set up' instruction is not actionable.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is heavily padded with sections Claude already knows (overview explaining what Sliver is, MITRE ATT&CK mappings, detection signatures table, generic 'When to Use' and 'Prerequisites' sections). The 'When to Use' section is particularly egregious with vague boilerplate. The overview paragraph explains basic concepts like what Go is and what C2 channels are. Significant token waste throughout. | 1 / 3 |
Actionability | The skill provides real commands and configuration snippets (NGINX config, iptables rules, Sliver CLI commands) which are concrete and mostly executable. However, some commands may not be fully accurate (e.g., `new-operator` syntax, `generate beacon` flag combinations), and the domain fronting setup in Phase 3 step 4 is left as a vague 'optionally set up Cloudflare' without any concrete steps. The post-exploitation section is decent but reads more like a reference card than actionable workflow guidance. | 2 / 3 |
Workflow Clarity | The five-phase workflow is clearly sequenced and logically ordered. However, there are no explicit validation checkpoints between phases (e.g., verify the listener is active before generating implants, test redirector connectivity before deploying implants). The validation criteria checklist at the end is a post-hoc checklist rather than integrated feedback loops. For an operation involving infrastructure deployment with multiple failure points, the lack of inline verification steps is a notable gap. | 2 / 3 |
Progressive Disclosure | The content is a monolithic wall of text with no references to external files, no layered structure, and no separation of concerns. The detection signatures table, tools table, MITRE mappings, and detailed post-exploitation commands could all be in separate reference files. Everything is inlined into a single long document with no bundle files to support it. | 1 / 3 |
Total | 6 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
0f429d0
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.