A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
Skills: 1
Reviewed: 1/1
Average Score: 82%
SKILL.md

Activation: 67%
Implementation: 88%
Validation: 81%

Validation
81%

| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 13 / 16 Passed | |
Implementation
88%

This is a well-structured security skill that efficiently communicates when to apply security rules and provides concrete, executable examples. The progressive disclosure is excellent, with clear references to detailed rule files. The main weakness is the workflow section, which could benefit from explicit validation steps and feedback loops for when security issues are detected during review.
Suggestions
Add explicit validation/feedback loop in the Security Review step, e.g., 'If violations found: fix issue → re-run review → only proceed when all checks pass'
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is lean and efficient, avoiding explanations of basic concepts Claude already knows. Each section serves a clear purpose with no padding or unnecessary context. | 3 / 3 |
| Actionability | Provides fully executable Python code examples showing both insecure and secure patterns. The examples are copy-paste ready and cover credential handling, SQL injection, and password storage. | 3 / 3 |
| Workflow Clarity | The three-step workflow (Initial Security Check, Code Generation, Security Review) provides a clear sequence, but lacks explicit validation checkpoints or feedback loops for error recovery when security issues are found. | 2 / 3 |
| Progressive Disclosure | Excellent structure with a concise overview, clear references to external rule files (LANGUAGE_RULES.md, specific rule files), and well-signaled one-level-deep navigation. Content is appropriately split between overview and detailed rules. | 3 / 3 |
| Total | 11 / 12 Passed | |
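The Actionability row above credits the skill with paired insecure/secure Python examples for credential handling, SQL injection, and password storage. The block below is an added illustration of what such a pairing looks like; it is not code from the cisco/software-security skill or its rule files. It uses only the standard library (sqlite3, hashlib, hmac, secrets), the table contents and the API-key value are constructed for the example, and the `APP_API_KEY` variable name is an assumption.

```python
"""Insecure-vs-secure pairs for three common findings: hardcoded credentials,
SQL injection, and weak password storage. Added example, not the skill's own code."""
import hashlib
import hmac
import os
import secrets
import sqlite3
from typing import Optional

# --- 1. Credential handling -------------------------------------------------

# Insecure: a constructed placeholder secret embedded in source. Once committed,
# it lives in git history and every build artifact.
API_KEY_INSECURE = "sk-live-0123456789abcdef"


def load_api_key(env: Optional[dict] = None) -> str:
    """Secure pattern: read the secret from the environment at runtime and fail
    closed when it is absent. APP_API_KEY is an assumed variable name."""
    env = os.environ if env is None else env
    key = env.get("APP_API_KEY")
    if not key:
        raise RuntimeError("APP_API_KEY is not set")
    return key


# --- 2. SQL injection -------------------------------------------------------

def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table shared by both query styles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_insecure(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the untrusted value is spliced into the SQL text, so a
    name of x' OR '1'='1 turns the WHERE clause into a tautology."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_secure(conn: sqlite3.Connection, name: str) -> list:
    """Fixed: a bound parameter is delivered as data and never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# --- 3. Password storage ----------------------------------------------------

def hash_password_insecure(password: str) -> str:
    """Vulnerable: unsalted fast hash. Equal passwords produce equal digests,
    and the digest is cheap to brute-force or look up in a precomputed table."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password_secure(password: str, salt: Optional[bytes] = None) -> str:
    """Fixed: per-user random salt plus a memory-hard KDF (scrypt from the
    stdlib). n=2**14, r=8, p=1 are the common interactive-login parameters."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, salt_hex, _digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    candidate = hash_password_secure(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("insecure query rows:", len(find_user_insecure(db, payload)))  # 2: the whole table leaks
    print("secure query rows:  ", len(find_user_secure(db, payload)))    # 0: payload treated as a literal
    stored = hash_password_secure("correct horse")
    print("verify:", verify_password("correct horse", stored), verify_password("wrong", stored))
```

Running the script shows the tautology payload returning every row from the string-built query and nothing from the parameterized one, and the scrypt record verifying only for the original password. The verify step uses hmac.compare_digest so that a mismatch does not leak, via timing, how many leading bytes matched.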
Activation
67%

This description has good structure with explicit 'Use when' guidance, so the "when" is complete. However, it lacks specific concrete actions (what exactly does it do beyond 'write secure code'?) and could benefit from more natural trigger terms that users would actually say when they need security help. The integration with 'Project CodeGuard' is mentioned but not explained.
Suggestions
Add specific concrete actions like 'detect SQL injection vulnerabilities', 'implement secure password hashing', 'validate user input', or 'review for OWASP Top 10 issues'
Expand trigger terms to include common security vocabulary users would naturally use: 'XSS', 'SQL injection', 'CSRF', 'secure', 'encrypt', 'sanitize', 'OWASP', 'CVE'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (software security) and mentions some actions like 'write secure code' and 'prevent common vulnerabilities', but lacks specific concrete actions. The examples given (authentication, cryptography, data handling) are categories rather than specific actions like 'validate input', 'encrypt passwords', or 'sanitize SQL queries'. | 2 / 3 |
| Completeness | Clearly answers both what ('integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities') and when ('Use this skill when security concerns are mentioned, when reviewing code for vulnerabilities, or when implementing authentication, cryptography, or data handling'). | 3 / 3 |
| Trigger Term Quality | Includes some relevant keywords like 'security', 'vulnerabilities', 'authentication', 'cryptography', and 'data handling'. However, it is missing common variations users might say, like 'secure', 'XSS', 'SQL injection', 'OWASP', 'password', 'encryption', or 'sanitize'. | 2 / 3 |
| Distinctiveness Conflict Risk | The security focus provides some distinctiveness, but 'reviewing code' could overlap with general code review skills, and 'data handling' is quite broad. The mention of 'Project CodeGuard' adds specificity, but the general security framing could still conflict with other security-related skills. | 2 / 3 |
| Total | 9 / 12 Passed | |
tessl i cisco/software-security@1.2.5