exploitability-analyzer
Analyze detected vulnerabilities to assess realistic exploitability by examining control flow, input sources, sanitization logic, and execution context. Use when users need to: (1) Determine if a vulnerability is actually exploitable in practice, (2) Assess severity and impact of security issues, (3) Prioritize vulnerability remediation, (4) Understand attack vectors and exploitation conditions, (5) Generate exploitability reports with proof-of-concept scenarios. Focuses on injection vulnerabilities (SQL, command, XSS, path traversal, LDAP) with detailed analysis of reachability, controllability, sanitization, and impact.
Install with Tessl CLI
npx tessl i github:ArabelaTso/Skills-4-SE --skill exploitability-analyzer92
Does it follow best practices?
Validation for skill structure
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the key criteria. It provides specific concrete actions, includes natural trigger terms users would use, explicitly states both what the skill does and when to use it with a numbered list of scenarios, and carves out a distinct niche in vulnerability exploitability analysis rather than general security work.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'examining control flow, input sources, sanitization logic, and execution context' and specifies vulnerability types (SQL, command, XSS, path traversal, LDAP) with analysis dimensions (reachability, controllability, sanitization, impact). | 3 / 3 |
Completeness | Clearly answers both what (analyze vulnerabilities, assess exploitability, examine control flow/sanitization) AND when with explicit 'Use when users need to:' clause followed by five specific trigger scenarios. | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'vulnerability', 'exploitability', 'security issues', 'severity', 'impact', 'remediation', 'attack vectors', plus specific injection types (SQL, XSS, command injection, path traversal, LDAP) that users would naturally mention. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on exploitability analysis of detected vulnerabilities, distinct from general security scanning or code review skills. The focus on 'realistic exploitability' and specific injection types creates a well-defined scope. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
85%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, well-structured skill with excellent actionability through concrete code examples and proof-of-concepts. The workflow is clearly sequenced with explicit assessment criteria and a useful exploitability matrix. Minor verbosity in the overview and 'How to Use' sections could be trimmed, but overall the skill provides high-value, actionable guidance for vulnerability assessment.
Suggestions
Remove or condense the 'Overview' section - the title and workflow already convey the purpose
Trim the 'How to Use' section to just the analysis factors list, removing the 'Provide:' instructions that Claude can infer
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is moderately efficient but includes some unnecessary explanation. The 'Overview' section restates what the skill does (already clear from the title), and some sections like 'How to Use' explain concepts Claude would understand. However, the examples are well-structured and the content is generally focused. | 2 / 3 |
Actionability | Excellent actionability with fully executable Python code examples, specific proof-of-concept exploits, and copy-paste ready remediation code. Each vulnerability type includes concrete attack payloads and working fixes with proper parameterization/escaping. | 3 / 3 |
Workflow Clarity | Clear 7-step workflow with explicit sequence (Identify → Trace → Assess → Evaluate → Analyze → Determine → Calculate). Each step has clear questions to answer and rating scales. The exploitability matrix provides explicit decision criteria, and the report format gives a structured output template. | 3 / 3 |
Progressive Disclosure | Well-organized with clear sections progressing from overview to workflow to examples to reference. The reference to 'assessment_criteria.md' is one level deep with clear guidance on when to load it. Content is appropriately split between quick-reference material in the main file and detailed criteria in the reference. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (506 lines); consider splitting into references/ and linking | Warning |
Total | 10 / 11 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.