android-legacy-security
Harden Intent handling, WebView configuration, and FileProvider access in Android apps. Use when securing Intent extras, configuring WebViews, or exposing files via FileProvider. (triggers: **/*Activity.kt, **/*WebView*.kt, AndroidManifest.xml, Intent, WebView, FileProvider, javaScriptEnabled)
89
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope within Android security hardening, provides explicit 'Use when' guidance, and includes comprehensive trigger terms covering both file patterns and conceptual keywords. It follows third-person voice correctly and is concise without being vague. The description would perform well in a large skill library for accurate selection.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists three specific concrete actions: hardening Intent handling, WebView configuration, and FileProvider access. These are well-defined, actionable security domains within Android development. | 3 / 3 |
Completeness | Clearly answers both 'what' (harden Intent handling, WebView configuration, and FileProvider access) and 'when' (explicit 'Use when' clause covering securing Intent extras, configuring WebViews, or exposing files via FileProvider, plus explicit trigger patterns). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms including file patterns ('**/*Activity.kt', '**/*WebView*.kt', 'AndroidManifest.xml') and concept keywords ('Intent', 'WebView', 'FileProvider', 'javaScriptEnabled'). These are terms developers would naturally use when discussing Android security hardening. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche combining Android security hardening with specific components (Intent, WebView, FileProvider). The file pattern triggers and domain-specific terminology make it very unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise security skill that clearly communicates Android hardening directives with good progressive disclosure to a reference file. Its main weaknesses are the lack of inline executable code examples (relying entirely on the reference file for implementation details) and the absence of validation/verification steps for confirming that security hardening has been correctly applied.
Suggestions
Add at least one inline code example per section (e.g., a manifest snippet for exported=false, a Kotlin WebView configuration block) so the skill is actionable without requiring the reference file.
Add verification steps such as 'Run `adb shell dumpsys package <pkg> | grep exported` to confirm component export settings' or 'Test WebView with a javascript: URI to confirm JS is disabled' to improve workflow clarity.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient. Every bullet point conveys a specific, actionable security directive without explaining basic Android concepts Claude already knows. No padding or unnecessary context. | 3 / 3 |
Actionability | The guidance is specific (e.g., 'set android:exported="false"', 'disable allowFileAccess') but lacks concrete code examples. The actual executable code is deferred to references/implementation.md, so the skill itself contains directives rather than copy-paste ready snippets. | 2 / 3 |
Workflow Clarity | The content is organized into clear categories (Intents, WebViews, Storage) with specific instructions, but there are no validation checkpoints or feedback loops. For security hardening—which can involve destructive or hard-to-debug changes—explicit verification steps (e.g., 'test with adb to confirm exported=false') would strengthen the workflow. | 2 / 3 |
Progressive Disclosure | The skill provides a clear overview with well-signaled, one-level-deep references to references/implementation.md for detailed examples. Content is appropriately split between the overview and the reference file. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- HoangNguyen0403/agent-skills-standard
- Commit
19a1140
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.