CtrlK
BlogDocsLog inGet started
Tessl Logo

building-c2-infrastructure-with-sliver-framework

Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Critical

Do not install without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with concrete commands and a clear phased workflow, but it is padded with generic boilerplate and fails to route to the existing bundle files, leaving reference content inline and the supporting files orphaned.

Suggestions

Link the existing bundle files from the relevant sections (e.g., 'See references/api-reference.md for the full CLI command list' and 'See references/workflows.md for the deployment workflow') and move the inline duplicate content there.

Trim the generic "When to Use" and "Prerequisites" boilerplate to skill-specific prerequisites only.

Add interleaved validation checkpoints (e.g., verify the listener is reachable and the redirector passes traffic before generating implants) with feedback loops for error recovery.

DimensionReasoningScore

Conciseness

The bulk is concrete commands, but the "When to Use" and "Prerequisites" sections read as generic boilerplate and the Overview restates background about Sliver that Claude largely already knows.

2 / 3

Actionability

It provides copy-paste-ready Sliver CLI commands, nginx and iptables configs, and implant-generation examples throughout each phase, giving concrete executable guidance.

3 / 3

Workflow Clarity

The five-phase sequence is clearly numbered and a validation checklist exists, but there are no interleaved verify-before-proceeding checkpoints or validate→fix→retry feedback loops within the workflow.

2 / 3

Progressive Disclosure

Bundle files exist (references/api-reference.md, standards.md, workflows.md, assets/template.md, scripts/) but the body never links them, and the API/standards/workflow content that belongs in those files is duplicated inline.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, distinctive description with strong natural trigger terms, but it lacks an explicit "Use when..." trigger clause so it only implies when the skill should activate.

Suggestions

Append an explicit "Use when..." clause naming user-facing triggers (e.g., 'Use when setting up Sliver C2 infrastructure, configuring redirectors, or simulating adversary command-and-control for authorized red team engagements').

Add common term variations a user might say (e.g., 'C2 server', 'implants', 'beacons', 'domain fronting') to broaden trigger coverage.

DimensionReasoningScore

Specificity

Concrete verbs ("Build and configure") are paired with specific components — "redirectors, HTTPS listeners, and multi-operator support" — listing multiple concrete actions rather than vague language.

3 / 3

Completeness

It clearly states what the skill does, but offers no "Use when..." clause; "for authorized red team engagements" only implies when, so per the guideline completeness is capped at 2.

2 / 3

Trigger Term Quality

Natural domain terms a user would say are well covered: "Sliver C2 framework", "command-and-control infrastructure", "redirectors", and "red team engagements".

3 / 3

Distinctiveness Conflict Risk

The narrow framing around "BishopFox's Sliver C2 framework" and command-and-control infrastructure gives it a clear niche unlikely to conflict with other skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.