peteski22/security

Check code changes for security vulnerabilities

56

Quality: 71% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Passed (No known issues)


Quality

Discovery

32%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description provides a basic understanding of the skill's purpose but is too terse to be effective for skill selection. It lacks explicit trigger guidance ('Use when...'), specific vulnerability types, and natural keyword variations that users would employ when requesting security reviews.

Suggestions

Add a 'Use when...' clause with trigger terms like 'security review', 'vulnerability scan', 'audit code', 'check for exploits', or 'review PR for security'.

List specific vulnerability types the skill detects, such as 'SQL injection, XSS, hardcoded credentials, insecure dependencies'.

Include file type or context triggers like 'diffs', 'pull requests', 'commits', or specific languages if applicable.

Dimension | Reasoning | Score
Specificity | Names the domain (security) and one action (check code changes for vulnerabilities), but doesn't list specific types of vulnerabilities or concrete actions like 'detect SQL injection, identify XSS, flag hardcoded secrets'. | 2 / 3
Completeness | Only addresses 'what' (check code for vulnerabilities) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. | 1 / 3
Trigger Term Quality | Contains some relevant keywords ('security', 'vulnerabilities', 'code changes') but misses common variations users might say like 'security review', 'audit', 'scan', 'CVE', 'OWASP', 'diff', or 'PR review'. | 2 / 3
Distinctiveness / Conflict Risk | Somewhat specific to security scanning of code changes, but could overlap with general code review skills or static analysis tools; 'code changes' helps narrow scope but isn't highly distinctive. | 2 / 3

Total: 7 / 12 (Passed)

Implementation

100%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is an excellent skill that demonstrates best practices: it's concise, provides executable commands and a complete output schema, has clear workflow steps with edge case handling, and organizes vulnerability categories logically. The scope declaration upfront prevents scope creep, and the severity levels (HARD/SHOULD/WARN) with justifications show thoughtful design.

Dimension | Reasoning | Score
Conciseness | The skill is lean and efficient, with no unnecessary explanations of concepts Claude already knows. Every section serves a clear purpose and the content is appropriately dense without padding. | 3 / 3
Actionability | Provides fully executable bash commands for getting changes, concrete vulnerability patterns to check, and a complete JSON schema for output. The examples are specific and copy-paste ready. | 3 / 3
Workflow Clarity | Clear three-step sequence (get changes → check vulnerabilities → report) with explicit handling for edge cases (50+ files batching, fallback git commands). The pass/fail criteria are unambiguous. | 3 / 3
Progressive Disclosure | Well-organized with clear sections and hierarchy. For a self-contained security validator skill, the structure is appropriate with logical groupings (HARD/SHOULD/WARN violations) and no need for external references. | 3 / 3

Total: 12 / 12 (Passed)

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

Criteria | Description | Result
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning

Total: 9 / 11 (Passed)
