Helps fix security vulnerabilities identified by DryRunSecurity. Activates when the user shares a DryRunSecurity comment (from a GitHub PR or GitLab MR) or asks for help fixing any security finding, including SQL injection, XSS, CSRF, SSRF, path traversal, command injection, authentication bypass, authorization flaws, and prompt injection. Researches authoritative sources and applies fixes grounded in the user's specific codebase context.
Overall score: 97%
Impact: Pending (no eval scenarios have been run)
Quality: Passed (no known issues)
Discovery
Score: 100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly identifies its niche (fixing DryRunSecurity-identified vulnerabilities), provides comprehensive trigger terms covering both the tool and specific vulnerability types, and explicitly states both what it does and when it should activate. The description is well-structured, uses third person voice correctly, and balances conciseness with thoroughness.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: fixing security vulnerabilities, researching authoritative sources, applying fixes grounded in codebase context. Also enumerates specific vulnerability types (SQL injection, XSS, CSRF, SSRF, path traversal, command injection, authentication bypass, authorization flaws, prompt injection). | 3 / 3 |
| Completeness | Clearly answers both 'what' (fixes security vulnerabilities, researches authoritative sources, applies fixes in codebase context) and 'when' (explicitly states 'Activates when the user shares a DryRunSecurity comment... or asks for help fixing any security finding'). The trigger guidance is explicit and detailed. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'DryRunSecurity', 'GitHub PR', 'GitLab MR', 'security finding', and a comprehensive list of specific vulnerability types (SQL injection, XSS, CSRF, SSRF, path traversal, command injection, etc.) that users would naturally mention. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive due to the specific mention of DryRunSecurity as the primary trigger, combined with the security vulnerability remediation niche. The combination of tool-specific context (DryRunSecurity, GitHub PR, GitLab MR) and security domain makes it very unlikely to conflict with other skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
Score: 85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with clear workflow sequencing, good progressive disclosure through external references, and highly actionable guidance with specific tool usage at each step. The main weakness is minor verbosity in the introductory framing that could be trimmed, but overall it's an effective and well-organized skill.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Mostly efficient but has some unnecessary framing ('You are helping a developer...', 'Your goal is to provide a fix that is') that Claude doesn't need. The table format for context gathering is efficient, but the numbered goals at the top are somewhat redundant with the process steps. | 2 / 3 |
| Actionability | Each step has a clear 'Action' line with specific tools to use (Glob, Grep, Read, WebFetch, Edit). The example provides concrete before/after code with specific research URLs. The context-gathering table gives specific filenames and patterns to search for. | 3 / 3 |
| Workflow Clarity | The 5-step process is clearly sequenced with explicit gates ('Do NOT propose a fix until complete' after Step 2, 'Do NOT rely on memorized examples' in Step 3). Step 5 includes verification steps and checking for related vulnerable code, providing a feedback loop. The workflow enforces research-before-action discipline. | 3 / 3 |
| Progressive Disclosure | Excellent use of one-level-deep references: FINDING_FORMAT.md for format details, VULNERABILITY_TYPES.md for CWE references, and DRYRUN_FILTERING.md for false positive filtering context. The main skill stays concise while clearly signaling where to find detailed information. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
Score: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |