pt-planning-recon

Defines penetration test scope and performs authorized reconnaissance using passive and active methods. Use when planning a test engagement, collecting target intelligence, building asset inventories, or preparing recon findings.

1.15x

Quality

68%

Does it follow best practices?

Impact

96%

1.15x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Fix and improve this skill with Tessl

tessl review fix ./skills/pt-planning-recon/SKILL.md

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a solid, well-structured workflow for pen test planning and reconnaissance with appropriate safety guardrails and a useful output template. Its main weakness is the lack of concrete, executable examples—no specific tool commands, queries, or real-world examples are provided, keeping the guidance at an abstract instructional level. The structure and safety considerations are strengths, but actionability would benefit significantly from tool-specific examples.

Suggestions

Add concrete command examples for key recon steps (e.g., specific nmap, dig, subfinder, or amass commands with recommended flags and safe defaults).

Include a brief worked example showing a sample recon output populated with realistic (fictional) data to demonstrate expected deliverable quality.

Consider splitting tool-specific guidance into a referenced file (e.g., RECON_TOOLS.md) to keep the main skill lean while providing depth.

Dimension	Reasoning	Score
Conciseness	Generally efficient and doesn't over-explain concepts Claude already knows, but some bullet points are somewhat generic (e.g., 'Deduplicate assets and map to owners/business function when known') and could be tightened. The output template adds useful structure but is partially redundant with the workflow description.	2 / 3
Actionability	The skill provides a clear process and output template, but lacks concrete executable commands or tool-specific examples. For a recon skill, specific commands (e.g., nmap flags, dig queries, subfinder usage) or at least named tool recommendations would significantly improve actionability. The guidance remains at the descriptive/instructional level rather than copy-paste ready.	2 / 3
Workflow Clarity	The workflow is clearly sequenced with a logical progression: confirm scope → passive recon → active recon → normalize → handoff. The 'Quality Checks' section serves as a validation checkpoint, and the explicit requirement to confirm authorization before proceeding and log every command provides appropriate safeguards for this high-risk domain.	3 / 3
Progressive Disclosure	The content is well-organized with clear sections and a useful output template, but everything is inline in a single file. For a skill of this complexity, references to separate files for tool-specific commands, example recon reports, or detailed methodology guides would improve navigation and reduce the main file's density.	2 / 3
	Total	9 / 12 Passed

Description

75%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is well-structured with a clear 'Use when' clause that covers multiple trigger scenarios, making it strong on completeness and distinctiveness. However, it could benefit from more specific concrete actions (e.g., DNS lookups, WHOIS queries, port scanning) and additional natural trigger terms (e.g., 'pentest', 'OSINT', 'footprinting') to improve specificity and keyword coverage.

Suggestions

Add specific concrete actions such as 'DNS enumeration, WHOIS lookups, port scanning, subdomain discovery, OSINT gathering' to improve specificity.

Include common natural trigger term variations like 'pentest', 'OSINT', 'footprinting', 'enumeration', 'attack surface mapping' in the description or 'Use when' clause.

Dimension	Reasoning	Score
Specificity	The description names the domain (penetration testing) and mentions some actions like 'defines scope', 'performs reconnaissance', 'passive and active methods', but doesn't list multiple specific concrete actions (e.g., DNS enumeration, WHOIS lookups, port scanning, subdomain discovery).	2 / 3
Completeness	Clearly answers both 'what' (defines pen test scope, performs authorized recon using passive/active methods) and 'when' (explicit 'Use when' clause covering planning engagements, collecting intelligence, building inventories, preparing findings).	3 / 3
Trigger Term Quality	Includes relevant terms like 'penetration test', 'reconnaissance', 'recon', 'target intelligence', 'asset inventories', but misses common natural variations users might say such as 'pentest', 'OSINT', 'footprinting', 'enumeration', 'attack surface'.	2 / 3
Distinctiveness Conflict Risk	The description carves out a clear niche around penetration test scoping and reconnaissance specifically, with distinct triggers like 'test engagement', 'target intelligence', and 'recon findings' that are unlikely to conflict with other security or general skills.	3 / 3
	Total	10 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: santosomar/ethical-hacking-agent-skills
Commit: 9976e81

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.