Demonstrates Living-off-the-Land (LotL) techniques using native OS tools to simulate realistic threat actor behavior during authorized penetration tests. Use when proving attack feasibility without custom malware, testing detection coverage, and validating what a real adversary could achieve with only built-in system capabilities.
Overall score: 84
Quality (Does it follow best practices?): 76%
Impact: 98% (1.24x average score across 3 eval scenarios)
Critical: do not install without reviewing.
Quality
Discovery: 75%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description effectively communicates its specialized niche in Living-off-the-Land penetration testing techniques and provides clear 'Use when' guidance. However, it lacks specific concrete actions (which native tools, which techniques) and could benefit from more natural trigger terms that security professionals commonly use.
Suggestions
Add specific concrete actions like 'Uses PowerShell, WMI, certutil, and other LOLBins to demonstrate lateral movement, persistence, and data exfiltration'
Include additional trigger terms users might naturally say: 'red team', 'LOLBins', 'fileless attack', 'LOLBAS', 'GTFOBins'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (Living-off-the-Land techniques, penetration testing) and mentions 'native OS tools' and 'simulate realistic threat actor behavior', but doesn't list specific concrete actions like which tools or techniques are used. | 2 / 3 |
| Completeness | Clearly answers both what ('Demonstrates Living-off-the-Land techniques using native OS tools to simulate realistic threat actor behavior') and when ('Use when proving attack feasibility without custom malware, testing detection coverage, and validating what a real adversary could achieve'). | 3 / 3 |
| Trigger Term Quality | Includes some relevant terms like 'LotL', 'penetration tests', 'threat actor', 'detection coverage', but missing common variations users might say like 'red team', 'LOLBins', 'fileless', 'PowerShell', 'WMI', or specific tool names. | 2 / 3 |
| Distinctiveness / Conflict Risk | Has a clear niche focused specifically on LotL/native tool techniques for authorized penetration testing, distinct from general security skills or malware analysis skills, with specific trigger context around 'built-in system capabilities'. | 3 / 3 |
| Total | | 10 / 12 (Passed) |
Implementation: 77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a well-structured framework for LotL penetration testing with strong workflow clarity and appropriate conciseness. The main weakness is the lack of concrete, executable command examples - it tells Claude what tools to use but not exactly how to invoke them. The content would benefit from either inline command examples or references to detailed technique files.
Suggestions
Add concrete command examples for key techniques (e.g., actual certutil encode syntax, specific PowerShell discovery commands, SSH key reuse commands)
Consider splitting platform-specific techniques into separate referenced files (WINDOWS_TECHNIQUES.md, UNIX_TECHNIQUES.md) with detailed executable examples
Include at least one complete worked example showing the full workflow from technique selection through cleanup with actual commands and expected output
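As an added example (not code from the skill under review, and not Tessl's), this is the shape of the concrete, worked per-technique example the suggestions above ask for: one LotL technique run through execute, verify, log and clean up on a Unix host. certutil is Windows-only, so the Unix counterpart of its encode/decode round trip is shown with base64 and a native hash tool. The engagement log path, the log line format and the sample payload are assumptions made for this example, not conventions of the skill.

```shell
#!/usr/bin/env bash
# Added example, not part of the reviewed skill: one LotL technique carried
# through the per-technique steps the review describes (execute, verify,
# log, clean up). Unix counterpart of the `certutil -encode` /
# `certutil -decode` round trip, using only base64 and a native hash tool.
# Everything runs locally on constructed data; no remote host is involved.
set -euo pipefail

# Engagement log. The path is an assumption; override with LOTL_LOG=...
LOTL_LOG="${LOTL_LOG:-$(mktemp)}"

# SHA-256 with whichever native tool the host has (coreutils or shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Append one structured line per technique attempt. The detection field is
# filled in afterwards from the defenders' telemetry (the skill's "detection
# response capture" step) and stays "pending" until then. Format assumed.
log_technique() {
    # $1 technique id, $2 command as run, $3 result, $4 detection status
    printf '%s technique=%s cmd="%s" result=%s detection=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" "${4:-pending}" \
        >> "$LOTL_LOG"
}

# Execute: encode a staged file and decode it again with native tools only.
# Verify: hashes before and after must match; otherwise the transfer path
# mangled the payload and the attempt is logged as failed.
# Clean up: remove every artifact the technique created.
# Prints the verified SHA-256 on success; returns 1 on hash mismatch.
lotl_roundtrip() {
    local payload="$1"
    local workdir; workdir="$(mktemp -d)"
    printf '%s' "$payload" > "$workdir/payload.bin"
    local before; before="$(sha256_of "$workdir/payload.bin")"

    # GNU base64 wraps at 76 columns and BSD base64 does not; strip newlines
    # so the encoded artifact is byte-identical on both.
    base64 < "$workdir/payload.bin" | tr -d '\n' > "$workdir/payload.b64"
    base64 -d < "$workdir/payload.b64" > "$workdir/payload.dec"
    local after; after="$(sha256_of "$workdir/payload.dec")"

    local result=ok
    [ "$before" = "$after" ] || result=hash-mismatch
    log_technique encode-decode "base64 / base64 -d" "$result"

    rm -rf "$workdir"   # cleanup step: nothing staged is left behind
    [ "$result" = ok ] || return 1
    printf '%s\n' "$after"
}

# Stand-alone run on a constructed sample payload.
lotl_roundtrip 'echo "constructed sample payload"'
```

The hash comparison is the verification checkpoint the review's 4-step process calls for; without it an encode/decode that silently corrupted the file would still be reported as a successful technique. The log line is what an operator hands to the detection team so the `detection=` field can be filled in from their alerts.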
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient, listing technique families without explaining what PowerShell or bash are. Every section serves a purpose, with no padding or unnecessary context that Claude would already know. | 3 / 3 |
| Actionability | Provides technique categories and a clear workflow, but lacks concrete executable commands. Lists tools like 'certutil (encode/decode)' without showing actual command syntax, making it more of a reference guide than copy-paste ready instructions. | 2 / 3 |
| Workflow Clarity | Clear 7-step execution workflow with explicit validation checkpoints including scope confirmation, logging requirements, cleanup steps, and detection response capture. The per-technique 4-step process also includes verification. | 3 / 3 |
| Progressive Disclosure | Content is well-organized with clear sections and a useful output template, but everything is inline in one file. For a skill of this complexity, technique-specific details or platform-specific examples could be split into referenced files. | 2 / 3 |
| Total | | 10 / 12 (Passed) |
Validation: 100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation: 11 / 11 passed
Validation for skill structure
No warnings or errors.
a8ff73a