CtrlK
BlogDocsLog inGet started
Tessl Logo

building-incident-response-dashboard

Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership with situational awareness during active incidents, tracking affected systems, containment status, IOC spread, and response timeline. Use when IR teams need unified visibility during incident coordination and post-incident reporting.

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

80%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A detailed, actionable IR-dashboard skill with strong executable SPL/XML examples, but it is over-padded with general-knowledge prose and lacks validation checkpoints and signaled references to its existing bundle file.

Suggestions

Trim or move the 'Tools & Systems', 'Common Scenarios', and 'Key Concepts' prose (which restates knowledge Claude already has) and link to references/api-reference.md so the bundle is surfaced from the body.

Add explicit validation/verification checkpoints to batch operations — e.g., verify ir_affected_systems.csv and ir_ioc_list.csv exist before querying, and confirm a scheduled search's output before relying on outputlookup auto-writes.

Replace placeholder IOC values ('a1b2c3d4...', 'e5f6a7b8...') with a note that real hashes must be substituted, so the examples are unambiguously executable.

DimensionReasoningScore

Conciseness

The body is thorough and accurate but padded — prose sections like 'Tools & Systems', 'Common Scenarios', and 'Key Concepts' restate things Claude already knows (what Kibana/Grafana/TheHive are), and the full CSV timeline plus ASCII mockup could be trimmed.

2 / 3

Actionability

Provides concrete, mostly copy-paste-ready SPL queries, Dashboard Studio XML, scheduled searches, and example CSV data; guidance is specific and executable rather than abstract.

3 / 3

Workflow Clarity

Seven sequenced panel-building steps are present, but batch/auto-write operations (the scheduled search that outputlookups, enterprise-wide IOC scans) have no validation or verify-then-proceed checkpoints, capping clarity at 2 per the rubric.

2 / 3

Progressive Disclosure

A references/api-reference.md bundle exists, but the body never signals or links to it, and inline material (Tools, Scenarios, Key Concepts) that could be offloaded stays in SKILL.md — structure exists but references are not clearly surfaced.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A well-crafted description that states concrete capabilities, explicit use-when triggers, and a distinct SOC/IR niche in third person. It is concise yet comprehensive and avoids fluff.

DimensionReasoningScore

Specificity

Lists multiple concrete actions across named platforms: 'tracking affected systems, containment status, IOC spread, and response timeline' in Splunk, Elastic, or Grafana.

3 / 3

Completeness

Explicitly answers both what ('Builds real-time incident response dashboards... tracking affected systems, containment status, IOC spread') and when ('Use when IR teams need unified visibility during incident coordination and post-incident reporting').

3 / 3

Trigger Term Quality

Includes natural terms an IR/SOC user would say — 'incident response dashboards', 'incident coordination', 'post-incident reporting' — with good coverage of the working vocabulary.

3 / 3

Distinctiveness Conflict Risk

Clear niche — IR dashboards for SOC analysts/leadership on Splunk/Elastic/Grafana — distinct from routine SOC monitoring, unlikely to trigger for the wrong skill.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.