A concise, actionable security gate skill with executable commands and clear sequencing. Its main weakness is the lack of explicit feedback loops—after resolving gitleaks findings or safety vulnerabilities, there's no instruction to re-run the scans to confirm a clean pass before proceeding.

Suggestions

Add explicit re-scan steps after resolving findings, e.g., 'After fixing, re-run `gitleaks detect --verbose --redact` and confirm zero findings before proceeding.'

Add brief guidance on handling safety check vulnerabilities (e.g., pin to patched version, add to ignore list with justification).

Dimension	Reasoning	Score
Conciseness	Every line serves a purpose. No unnecessary explanations of what security scanning is or why it matters. The instructions are lean and assume Claude knows the context.	3 / 3
Actionability	Provides fully executable bash commands for each step, including specific package versions (safety==3.2.4), concrete flags (--verbose --redact), and a practical loop for scanning multiple requirements files.	3 / 3
Workflow Clarity	Steps are clearly sequenced, but the validation/feedback loop is only implicit ('Resolve any findings before continuing'). There's no explicit re-run step after fixing findings from gitleaks or safety, and no guidance on what to do if safety check finds vulnerabilities. For a security gate involving potentially destructive operations (pushing secrets), this gaps caps the score at 2.	2 / 3
Progressive Disclosure	This is a simple, single-purpose skill under 50 lines. The content is well-organized with numbered steps and doesn't need external references. The structure is appropriate for its scope.	3 / 3
	Total	11 / 12 Passed

Description

22%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is too terse and imperative in tone, reading like a command rather than a skill description. It fails to explain what the security scan actually does (e.g., static analysis, dependency checks, secret detection) and lacks an explicit 'Use when...' clause to guide skill selection. The description would benefit significantly from listing concrete actions and trigger conditions.

Suggestions

Add specific concrete actions the skill performs, e.g., 'Runs static analysis, checks for secrets, and scans dependencies for known vulnerabilities before pushing code.'

Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user wants to run security checks before pushing, mentions pre-push gates, vulnerability scanning, or secret detection.'

Rewrite in third person declarative voice (e.g., 'Runs a security scan gate...') rather than imperative ('Run the security scan gate...').

Dimension	Reasoning	Score
Specificity	The description mentions 'security scan gate' but does not describe any concrete actions—what does the scan do? What does it check? There are no specific capabilities listed.	1 / 3
Completeness	The 'what' is extremely vague (run a security scan) and there is no explicit 'when should Claude use this' clause. The description reads more like an instruction than a skill description.	1 / 3
Trigger Term Quality	Contains some relevant keywords like 'security scan' and 'pushing' that users might naturally say, but misses common variations like 'vulnerability check', 'SAST', 'pre-push hook', 'code scanning', or 'security audit'.	2 / 3
Distinctiveness Conflict Risk	'Security scan gate before pushing' is somewhat specific to a pre-push security workflow, but 'security scan' is broad enough to overlap with other security-related skills like dependency auditing or linting.	2 / 3
	Total	6 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Reviewed

3 months ago

Table of Contents

Discovery Implementation Validation