building-c2-infrastructure-with-sliver-framework
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
63
55%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/building-c2-infrastructure-with-sliver-framework/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, specific description that clearly identifies the tool (Sliver C2), vendor (BishopFox), and concrete capabilities (redirectors, HTTPS listeners, multi-operator support). Its main weakness is the lack of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill. The trigger terms are excellent for the target audience of red team operators.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about setting up Sliver C2, configuring C2 infrastructure, deploying redirectors, or planning red team command-and-control operations.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Build and configure', 'redirectors', 'HTTPS listeners', 'multi-operator support'. These are concrete, actionable capabilities within a well-defined domain. | 3 / 3 |
Completeness | The 'what' is well-covered (build/configure Sliver C2 with redirectors, HTTPS listeners, multi-operator support), but there is no explicit 'Use when...' clause. The phrase 'for authorized red team engagements' hints at context but doesn't serve as an explicit trigger guidance, capping this at 2 per the rubric. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords a red teamer would use: 'Sliver C2', 'command-and-control', 'C2 framework', 'redirectors', 'HTTPS listeners', 'red team', 'BishopFox'. These are terms practitioners naturally use when seeking this capability. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific tool name (Sliver C2, BishopFox), specific infrastructure components (redirectors, HTTPS listeners), and narrow domain (red team C2 infrastructure). Very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
27%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill covers a broad scope of Sliver C2 infrastructure setup with real commands and configurations, which is its primary strength. However, it is significantly bloated with boilerplate sections (When to Use, Prerequisites, Objectives, MITRE mapping, Detection Signatures) that don't add actionable value for Claude, and it lacks embedded validation checkpoints and error recovery guidance within the workflow phases. The monolithic structure with no external references makes it poorly suited as a SKILL.md file.
Suggestions
Remove or drastically reduce boilerplate sections (Overview explanation, When to Use, Prerequisites, Objectives, MITRE ATT&CK Mapping, Detection Signatures) — these don't teach Claude how to do anything it couldn't infer.
Embed validation steps within each workflow phase (e.g., 'Verify listener is active: `jobs` should show the HTTPS listener' after Phase 2, 'Test redirector connectivity: `curl -k https://c2.example.com` from a test host' after Phase 3).
Split detailed content into referenced files: e.g., 'See [REDIRECTORS.md](REDIRECTORS.md) for NGINX/Apache/Cloudflare configurations' and 'See [POST_EXPLOITATION.md](POST_EXPLOITATION.md) for modules and pivoting.'
Clarify command contexts — distinguish between bash shell commands and Sliver interactive console commands (e.g., prefix Sliver console commands with `sliver >` or note they run inside the Sliver client).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is heavily padded with sections Claude already knows: the overview explains what Sliver is at length, 'When to Use' is generic boilerplate, 'Prerequisites' lists obvious items like 'familiarity with red teaming concepts,' the MITRE ATT&CK mapping and detection signatures tables add bulk without actionable guidance, and the 'Objectives' section restates what the workflow already covers. | 1 / 3 |
Actionability | The workflow phases contain concrete commands and configuration snippets that are mostly executable, but several commands use Sliver's interactive console syntax without clarifying context (e.g., `new-operator` is a Sliver console command but shown as bash), the domain fronting step is vague ('Optionally set up Cloudflare as a CDN layer'), and some critical details are missing (e.g., how to actually distribute operator configs, how to verify listener status). | 2 / 3 |
Workflow Clarity | The five phases provide a clear sequence, but validation is deferred to a checklist at the end rather than embedded as checkpoints within each phase. There are no feedback loops for error recovery—e.g., no guidance on what to do if a listener fails to start, if the redirector can't reach the team server, or if implant generation fails. For infrastructure involving destructive/risky operations, this caps the score at 2. | 2 / 3 |
Progressive Disclosure | The content is a monolithic wall of text with no references to external files for detailed topics like domain fronting configuration, advanced post-exploitation, or operator management. Everything is inline, including detection signatures and tool tables that could be separate references, making the skill unnecessarily long for a SKILL.md overview. | 1 / 3 |
Total | 6 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
888bbe4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.