agent-security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
67
59%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agent/skills/agent-security-review/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has strong completeness with an explicit 'Use this skill when...' clause and good trigger term coverage for security-related tasks. However, it lacks specificity about concrete actions (what exactly does the checklist cover? what patterns are provided?) and could potentially conflict with general API or authentication skills.
Suggestions
Add specific concrete actions like 'validates input sanitization, reviews authentication flows, checks for SQL injection vulnerabilities, audits secret management'
Differentiate from general API/auth skills by emphasizing the security audit/review aspect more explicitly
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (security) and lists several areas (authentication, user input, secrets, API endpoints, payment features), but lacks concrete actions - 'Provides comprehensive security checklist and patterns' is vague about what specific actions are performed. | 2 / 3 |
Completeness | Explicitly answers both what ('Provides comprehensive security checklist and patterns') and when ('Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features'). | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms users would say: 'authentication', 'user input', 'secrets', 'API endpoints', 'payment', 'sensitive features' are all terms developers naturally use when discussing security concerns. | 3 / 3 |
Distinctiveness Conflict Risk | While security-focused, terms like 'API endpoints' and 'user input' could overlap with general web development or API skills. The security niche is clear but boundaries with adjacent skills could be sharper. | 2 / 3 |
Total | 10 / 12 Passed |
Implementation
37%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill functions as a pure index/table of contents to sub-skills, which is extremely concise but provides no actionable guidance, workflow, or overview content in the main file. While the progressive disclosure structure is reasonable, the complete absence of any executable examples, security principles summary, or workflow guidance makes this skill body insufficient as a standalone reference.
Suggestions
Add a brief 'Quick Reference' section with 3-5 critical security principles or a minimal code example (e.g., input sanitization pattern) that Claude can apply immediately
Define a workflow or priority order for the checklist items (e.g., 'Always check 1-4 for any new endpoint; add 5-8 for user-facing features')
Include at least one concrete, copy-paste ready code snippet demonstrating a common security pattern
Add a brief summary under 'Security Checklist' explaining how to use the sub-skills together rather than just listing links
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is lean and efficient, serving as a pure index to sub-skills without unnecessary explanation. No verbose descriptions of what security is or why it matters. | 3 / 3 |
Actionability | The skill provides no concrete code, commands, or executable guidance. It only lists links to sub-skills without any actionable content in the main file itself. | 1 / 3 |
Workflow Clarity | There is no workflow, sequence, or process defined. The 'Security Checklist' header is followed only by links with no indication of order, priority, or how to use these modules together. | 1 / 3 |
Progressive Disclosure | References are one level deep and clearly linked, which is good. However, the main skill provides almost no overview content—it's essentially just a table of contents with no quick-start guidance or summary of key principles. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- Dokhacgiakhoa/antigravity-ide
- Commit
332e58b
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.