pt-maintaining-access
Evaluates whether an attacker could retain foothold and move laterally after initial compromise, within strict authorization limits. Use when testing persistence, session resilience, and detection/response effectiveness during a pen test.
84
76%
Does it follow best practices?
Impact
98%
1.04xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/pt-maintaining-access/SKILL.mdQuality
Discovery
67%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is reasonably well-structured with both 'what' and 'when' clauses clearly present, which is its strongest aspect. However, it could benefit from more concrete action verbs and specific techniques rather than category-level descriptions, and could include more natural trigger term variations that users might employ when requesting post-exploitation testing assistance.
Suggestions
Add more concrete actions such as 'deploy persistence mechanisms, test lateral movement techniques, evaluate privilege escalation paths, assess detection evasion'.
Expand trigger terms to include common variations like 'post-exploitation', 'pivoting', 'red team', 'backdoor', 'C2', 'command and control', 'privilege escalation'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (post-exploitation pen testing) and mentions some actions like evaluating persistence, lateral movement, session resilience, and detection/response effectiveness, but these are more like categories than concrete specific actions (e.g., it doesn't list specific techniques like 'deploy backdoors, escalate privileges, pivot through network segments'). | 2 / 3 |
Completeness | Clearly answers both 'what' (evaluates attacker foothold retention and lateral movement after initial compromise) and 'when' (explicit 'Use when testing persistence, session resilience, and detection/response effectiveness during a pen test'). | 3 / 3 |
Trigger Term Quality | Includes relevant terms like 'persistence', 'lateral movement', 'pen test', 'session resilience', and 'detection/response', but misses common variations users might say such as 'post-exploitation', 'pivoting', 'backdoor', 'privilege escalation', 'red team', or 'foothold maintenance'. | 2 / 3 |
Distinctiveness Conflict Risk | The description is fairly specific to post-exploitation testing, but could overlap with other pen testing skills covering initial exploitation, privilege escalation, or general security assessment. The phrase 'after initial compromise' helps distinguish it, but the boundaries with adjacent pen testing phases aren't sharply drawn. | 2 / 3 |
Total | 9 / 12 Passed |
Implementation
85%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise pen testing skill that clearly sequences the workflow with appropriate safety guardrails and cleanup verification. Its main weakness is the lack of concrete, actionable examples—specific tools, commands, or technique implementations that would make the guidance immediately executable rather than directional. The output template and quality checks are strong additions.
Suggestions
Add concrete examples of reversible persistence techniques per target class (e.g., specific registry keys for Windows, cron entries for Linux, with exact commands to set and remove them).
Include at least one worked example showing a specific lateral movement test scenario with the tools/commands used and expected output.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient. It avoids explaining what persistence or lateral movement are, assumes Claude understands pen testing concepts, and every section serves a clear purpose without padding. | 3 / 3 |
Actionability | The guidance is structured and directional but remains somewhat abstract—it describes categories of actions (e.g., 'low-risk, reversible methods appropriate to target class') rather than providing specific commands, tool invocations, or concrete technique examples. No executable code or specific tool usage is shown. | 2 / 3 |
Workflow Clarity | The workflow is clearly sequenced from permission confirmation through persistence simulation, lateral movement, detection testing, and cleanup with explicit verification. The cleanup-and-verify step with 'recheck system state to confirm rollback' provides a proper feedback loop for this destructive/risky operation domain. | 3 / 3 |
Progressive Disclosure | For a skill of this size (~60 lines) covering a focused topic, the content is well-organized into logical sections (objectives, workflow, output template, quality checks) without needing external file references. Navigation is straightforward and nothing is buried or nested. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- santosomar/ethical-hacking-agent-skills
- Commit
9976e81
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.