building-c2-infrastructure-with-sliver-framework
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
50
55%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/building-c2-infrastructure-with-sliver-framework/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, specific description that clearly identifies the tool (Sliver C2), vendor (BishopFox), and concrete capabilities (redirectors, HTTPS listeners, multi-operator support). Its main weakness is the lack of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill. The trigger terms are excellent for the target audience of red team operators.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about setting up Sliver, C2 infrastructure, implant listeners, or red team command-and-control configurations.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Build and configure', 'redirectors', 'HTTPS listeners', 'multi-operator support'. These are concrete, actionable capabilities within a well-defined domain. | 3 / 3 |
Completeness | The 'what' is well-covered (build/configure Sliver C2 with redirectors, HTTPS listeners, multi-operator support), but there is no explicit 'Use when...' clause. The phrase 'for authorized red team engagements' hints at context but doesn't serve as an explicit trigger guidance, capping this at 2 per the rubric. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords a red teamer would use: 'Sliver C2', 'command-and-control', 'C2 framework', 'redirectors', 'HTTPS listeners', 'red team', 'BishopFox'. These are terms practitioners naturally use when seeking this capability. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific tool name (Sliver C2, BishopFox), specific technical components (redirectors, HTTPS listeners), and narrow domain (red team C2 infrastructure). Very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
27%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a comprehensive but verbose walkthrough of Sliver C2 infrastructure setup. Its main strength is providing concrete commands and configurations across the full deployment lifecycle. However, it suffers from significant padding (boilerplate sections, concept explanations Claude doesn't need, reference tables that don't aid execution), lacks intermediate validation steps between phases, and dumps everything into a single monolithic file with no progressive disclosure.
Suggestions
Remove boilerplate sections (When to Use, Prerequisites, Objectives, MITRE ATT&CK Mapping, Detection Signatures, Tools table) that don't provide actionable guidance—these consume tokens without helping Claude execute the task.
Add explicit validation checkpoints between phases, e.g., 'Verify listener is active: `jobs` should show the HTTPS listener' after Phase 2, and 'Test redirector connectivity: `curl -k https://c2.example.com` from a test host should return a response' after Phase 3.
Replace the vague 'Optionally set up Cloudflare as a CDN layer' with concrete Cloudflare configuration steps or remove it entirely.
Split detailed reference content (NGINX configs, detection indicators, post-exploitation commands) into separate bundle files and reference them from the main skill for better progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Significant verbosity throughout. The overview paragraph explains what Sliver is (Claude already knows this). Sections like 'When to Use' are generic boilerplate with no skill-specific value. 'Prerequisites' lists obvious items. MITRE ATT&CK mapping, detection signatures table, and tools table add bulk without actionable guidance. The objectives section restates what the workflow already covers. | 1 / 3 |
Actionability | Contains concrete commands and configuration snippets (NGINX config, iptables rules, Sliver CLI commands) which are useful. However, several commands use placeholder paths and IPs without clarifying critical details—e.g., the domain fronting step is just 'Optionally set up Cloudflare as a CDN layer' with no concrete instructions. The operator generation command syntax may not be accurate (missing `--` flags vs interactive commands). Some steps are descriptive rather than executable. | 2 / 3 |
Workflow Clarity | The five-phase workflow is clearly sequenced and logically ordered. However, there are no validation checkpoints between phases—no 'verify the listener is active' step, no 'test connectivity through the redirector before generating implants' step. The validation criteria checklist at the end is a post-hoc list rather than integrated feedback loops. For an infrastructure deployment involving multiple networked components, missing intermediate verification caps this at 2. | 2 / 3 |
Progressive Disclosure | The content is a monolithic wall of text with no references to external files or supporting documents. Everything is inline in a single long document. There are no bundle files, and the skill doesn't reference any supplementary materials. Content like detection signatures, tools tables, and detailed NGINX configs could be split into separate reference files. | 1 / 3 |
Total | 6 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
0445030
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.