mtthwmllr/skill-safety-auditor
Audits a Claude Code skill for security risks in three modes: before download (from a URL or install command), after download but before install (from a .skill file), or after install (from a local skills directory). Use this skill whenever a user is about to install a skill from any source — including GitHub URLs, git clone commands, npx/npm commands, curl/wget downloads, pip installs, marketplace links, or raw SKILL.md URLs. Also trigger when a user asks "is this skill safe?", "should I trust this skill?", "can you check this before I install it?", "audit this skill", or pastes any link to a skill repository or .skill file. If a user mentions installing ANY skill, proactively offer to audit it first — do not wait for them to ask.
97
97%
Does it follow best practices?
Impact
99%
1.28xAverage score across 5 eval scenarios
Advisory
Suggest reviewing before use
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines a specific niche (security auditing of Claude Code skills), provides comprehensive trigger terms covering both natural user phrases and technical installation methods, and explicitly addresses both what the skill does and when it should be used. The inclusion of proactive behavior guidance ('do not wait for them to ask') adds further clarity for skill selection. The description is thorough without being padded with fluff.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: auditing in three distinct modes (before download from URL/command, after download before install from .skill file, after install from local directory). Clearly describes what the skill does with concrete scenarios. | 3 / 3 |
Completeness | Clearly answers both 'what' (audits skills for security risks in three modes) and 'when' (explicit 'Use this skill whenever...' clause with detailed trigger scenarios, plus natural language phrases users might say, plus proactive trigger guidance). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'is this skill safe?', 'should I trust this skill?', 'audit this skill', 'check this before I install it?', plus specific technical triggers like GitHub URLs, git clone, npx/npm, curl/wget, pip installs, marketplace links, .skill files, and SKILL.md URLs. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche — security auditing of Claude Code skills specifically. The triggers are very targeted (skill installation, skill safety questions) and unlikely to conflict with general code review or security scanning skills due to the specific focus on skill files and installation workflows. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
92%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-crafted skill with excellent structure, clear multi-step workflows, and strong actionability. The mode-based approach is cleanly organized with tables, the Fetch Safety Boundary section addresses a critical security concern directly, and verdict labels are precisely defined. The only weakness is that the referenced bundle files (security-checks.md, report-format.md) are not provided, making it impossible to fully evaluate the progressive disclosure and completeness of the audit procedure.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is dense with actionable tables and structured steps. It avoids explaining what Claude already knows (e.g., no explanations of what security auditing is, what URLs are, etc.). Every section serves a clear purpose with minimal padding. | 3 / 3 |
Actionability | Provides concrete resolution tables for different input types, specific GitHub URL conversion patterns, exact shell commands for extraction, specific file paths for installed skills, and verbatim verdict labels. The mode-specific setup gives precise, executable guidance for each scenario. | 3 / 3 |
Workflow Clarity | The workflow is clearly sequenced: Step 0 (choose mode) → mode-specific setup → Step 1 (validate) → Step 2 (read scripts) → Step 3 (run checks) → Step 4 (produce report). Explicit stop conditions exist (e.g., 'If fetch fails: report and stop', 'If missing: stop and report'). The verdict logic includes clear conditional branching and a mechanism for clearing false-positive warnings. | 3 / 3 |
Progressive Disclosure | The skill appropriately references external files (references/security-checks.md, references/report-format.md) for detailed check lists and report templates, which is good progressive disclosure. However, no bundle files were provided, so we cannot verify these references resolve correctly. The main SKILL.md itself is well-structured but the missing bundle files mean the referenced content is unverifiable. | 2 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
Reviewed
Table of Contents