building-c2-infrastructure-with-sliver-framework
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
69
62%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/building-c2-infrastructure-with-sliver-framework/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, specific description that clearly identifies the tool (Sliver C2), vendor (BishopFox), and concrete capabilities (redirectors, HTTPS listeners, multi-operator support). Its main weakness is the lack of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The domain-specific terminology serves as excellent natural trigger terms for the target audience.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about setting up Sliver, C2 infrastructure, implant listeners, or red team command-and-control configurations.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Build and configure', 'redirectors', 'HTTPS listeners', 'multi-operator support'. These are concrete, actionable capabilities within a well-defined domain. | 3 / 3 |
Completeness | The 'what' is well-covered (build/configure Sliver C2 with redirectors, HTTPS listeners, multi-operator support), but there is no explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by 'for authorized red team engagements', which is more of a scope qualifier than an explicit trigger condition. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords a red teamer would use: 'Sliver C2', 'command-and-control', 'C2 framework', 'redirectors', 'HTTPS listeners', 'red team', 'BishopFox'. These are terms practitioners naturally use when seeking this capability. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific tool (Sliver C2 by BishopFox), specific components (redirectors, HTTPS listeners), and specific use case (red team engagements). Very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides genuinely actionable, executable commands for building Sliver C2 infrastructure across all phases, which is its primary strength. However, it is significantly bloated with boilerplate sections (generic 'When to Use', 'Prerequisites', MITRE mappings, detection signatures) that waste tokens without adding operational value for Claude. The monolithic structure with no progressive disclosure and the lack of inline validation/error-recovery steps further weaken the skill.
Suggestions
Remove or drastically trim the Overview, When to Use, Prerequisites, MITRE ATT&CK Mapping, and Detection Signatures sections - these are reference material Claude already knows or can look up, and they consume significant token budget.
Add inline validation steps within each phase (e.g., 'Verify listener is active: `jobs` should show the HTTPS listener', 'Test redirector connectivity: `curl -k https://c2.example.com` should return a response').
Split the Tools/Resources table, Detection Signatures, and Validation Criteria into separate referenced files (e.g., TOOLS.md, DETECTION.md) and link from the main skill.
Replace the generic 'When to Use' and 'Prerequisites' sections with a single-line scope statement like '## Scope: Authorized red team engagements requiring resilient C2 infrastructure with Sliver.'
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is heavily padded with sections Claude already knows (overview explaining what Sliver is, MITRE ATT&CK mappings, detection signatures table, generic 'When to Use' and 'Prerequisites' sections). The overview paragraph explains basic concepts like what Go is and what beacon/session modes are. The 'When to Use' section is entirely boilerplate with no Sliver-specific value. | 1 / 3 |
Actionability | The skill provides concrete, executable commands throughout all phases - from installation to listener configuration, NGINX config blocks, iptables rules, implant generation commands, and post-exploitation commands. These are copy-paste ready and specific to Sliver's CLI. | 3 / 3 |
Workflow Clarity | The five phases are clearly sequenced and logically ordered, but validation checkpoints are only present as a final checklist rather than inline at each phase. There are no explicit feedback loops for error recovery (e.g., what to do if a listener fails to bind, if certificate generation fails, or if the redirector can't reach the team server). | 2 / 3 |
Progressive Disclosure | The content is a monolithic wall of text with no references to external files. Everything is inline - the detection signatures table, tools table, MITRE mappings, and detailed NGINX configs could all be split into separate reference files. There's no navigation structure or links to deeper documentation. | 1 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
c15f73d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.