Analyzing Lnk File And Jump List Artifacts

Name: Analyzing Lnk File And Jump List Artifacts
Author: mukul975

mukul975/anthropic-cybersecurity-skills

Structure Windows LNK and Jump List forensic findings into a consistent case report during incident response or endpoint investigations.

Overview

Analyzing LNK File and Jump List Artifacts is an agent skill for the Ship phase that structures Windows LNK and Jump List forensic evidence into tabular case reports.

Install

npx skills add https://github.com/mukul975/anthropic-cybersecurity-skills --skill analyzing-lnk-file-and-jump-list-artifacts

What is this skill?

Report tables for LNK targets, volume serials, and machine identifiers
Jump List summary keyed by application AppID and access date ranges
Removable-media correlation via drive letter, volume serial, and label
Findings section for narrative conclusions from LNK/Jump List analysis
Apache 2.0 licensed template aligned with Anthropic cybersecurity skills
Four primary report sections: LNK summary, Jump List summary, removable media, and findings

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1 installs on skills.sh; 14.9k GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

What problem does it solve?

You have raw LNK and Jump List artifacts but no consistent report layout tying targets, AppIDs, and removable media to a defensible findings narrative.

Who is it for?

Security analysts and indie consultants documenting Windows user-activity timelines from LNK and Jump List data in a formal case file.

Skip if: Solo app builders shipping SaaS who only need routine dependency scanning or OWASP checklists without endpoint forensics.

When should I use this skill?

You need to produce or complete a LNK File and Jump List Analysis Report with case metadata and evidence tables.

What do I get? / Deliverables

You get a completed LNK/Jump List analysis report with populated summary tables and a findings section ready for case notes or peer review.

LNK File and Jump List Analysis Report with summary tables and findings narrative

Recommended Skills

Azure Compliancemicrosoft/azure-skills

Azure Compliance is a Microsoft agent skill for solo builders and small teams who need structured security and complianc…373k installs·1.2k stars

Openclaw Secure Linux Cloudxixu-me/skills

OpenClaw Secure Linux Cloud guides a hardened VPS deployment—rootless Podman, loopback-only gateway, SSH-tunneled Contro…201k installs·61 stars

Entra Agent Idmicrosoft/azure-skills

entra-agent-id is a Microsoft-authored agent skill for provisioning and operating OAuth-capable identities tailored to A…99.1k installs·1.2k stars

Firebase Security Rules Auditorfirebase/agent-skills

Firebase Security Rules Auditor turns your agent into a senior penetration-style reviewer for Firestore rulesets. Solo b…40.3k installs·345 stars

Firestore Security Rules Auditorfirebase/agent-skills

Firestore-security-rules-auditor is a checker skill for solo builders and small teams shipping Firebase-backed apps who …20.3k installs·345 stars

Skill Vetteruseai-pro/openclaw-skills-security

Skill Vetter is a security-first OpenClaw agent skill that makes your coding agent behave like a pre-install auditor for…19.2k installs·62 stars

Journey fit

Primary fit

Forensic artifact analysis belongs on the Ship shelf under security because it supports post-breach review and evidence documentation before or after release-related hardening work. Security subphase is the canonical home for DFIR templates that establish user activity timelines from filesystem artifacts rather than live app testing.

How it compares

Use as a structured DFIR report template instead of asking the agent for free-form incident narrative without evidence tables.

Common Questions / FAQ

Who is analyzing-lnk-file-and-jump-list-artifacts for?

It is for forensic examiners, IR consultants, and security-focused builders who investigate Windows endpoints and must document LNK and Jump List evidence in a repeatable format.

When should I use analyzing-lnk-file-and-jump-list-artifacts?

Use it during Ship-phase security work when you are writing up Windows artifact analysis after collection—for example after imaging a laptop in an insider-threat review or validating removable-media usage in an IR engagement.

Is analyzing-lnk-file-and-jump-list-artifacts safe to install?

It is a reporting template skill without embedded exploit code; review the Security Audits panel on this Prism page and only point agents at evidence you are authorized to handle.

SKILL.md

READMESKILL.md - Analyzing Lnk File And Jump List Artifacts

# LNK File and Jump List Analysis Report

## Case Information
| Field | Value |
|-------|-------|
| Case Number | |
| Examiner | |
| Evidence Source | |

## LNK File Summary
| LNK File | Target Path | Target Created | Target Modified | Volume Serial | Machine ID |
|----------|-------------|----------------|-----------------|---------------|-----------|
| | | | | | |

## Jump List Summary
| Application | AppID | Files Accessed | Date Range |
|------------|-------|---------------|------------|
| | | | |

## Removable Media References
| Drive Letter | Volume Serial | Volume Label | Files Accessed |
|-------------|--------------|-------------|---------------|
| | | | |

## Findings
_(Summary of user activity established through LNK/Jump List analysis)_



                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to the Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      d

What is this skill?

Report tables for LNK targets, volume serials, and machine identifiers

Jump List summary keyed by application AppID and access date ranges

Removable-media correlation via drive letter, volume serial, and label

Findings section for narrative conclusions from LNK/Jump List analysis

Apache 2.0 licensed template aligned with Anthropic cybersecurity skills

Four primary report sections: LNK summary, Jump List summary, removable media, and findings

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1 installs on skills.sh; 14.9k GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).

Journey fit

Primary fit

SKILL.md

READMESKILL.md - Analyzing Lnk File And Jump List Artifacts

# LNK File and Jump List Analysis Report

## Case Information
| Field | Value |
|-------|-------|
| Case Number | |
| Examiner | |
| Evidence Source | |

## LNK File Summary
| LNK File | Target Path | Target Created | Target Modified | Volume Serial | Machine ID |
|----------|-------------|----------------|-----------------|---------------|-----------|
| | | | | | |

## Jump List Summary
| Application | AppID | Files Accessed | Date Range |
|------------|-------|---------------|------------|
| | | | |

## Removable Media References
| Drive Letter | Volume Serial | Volume Label | Files Accessed |
|-------------|--------------|-------------|---------------|
| | | | |

## Findings
_(Summary of user activity established through LNK/Jump List analysis)_



                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to the Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      d

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is analyzing-lnk-file-and-jump-list-artifacts for?

When should I use analyzing-lnk-file-and-jump-list-artifacts?

Is analyzing-lnk-file-and-jump-list-artifacts safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is analyzing-lnk-file-and-jump-list-artifacts for?

When should I use analyzing-lnk-file-and-jump-list-artifacts?

Is analyzing-lnk-file-and-jump-list-artifacts safe to install?

SKILL.md