android-legacy-security
Harden Intent handling, WebView configuration, and FileProvider access in Android apps. Use when securing Intent extras, configuring WebViews, or exposing files via FileProvider.
87
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, well-crafted description that clearly identifies three specific Android security hardening areas and provides explicit trigger guidance. It uses appropriate third-person voice, includes natural developer terminology, and occupies a distinct niche that minimizes conflict with other skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Harden Intent handling', 'WebView configuration', and 'FileProvider access'. Also specifies 'securing Intent extras', 'configuring WebViews', and 'exposing files via FileProvider' — all concrete, domain-specific actions. | 3 / 3 |
Completeness | Clearly answers both 'what' (harden Intent handling, WebView configuration, FileProvider access in Android apps) and 'when' (explicit 'Use when securing Intent extras, configuring WebViews, or exposing files via FileProvider'). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords that Android developers would use: 'Intent', 'Intent extras', 'WebView', 'FileProvider', 'Android apps', 'harden', 'securing'. These are terms a user would naturally mention when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive — targets a very specific niche of Android security hardening across three well-defined components (Intent, WebView, FileProvider). Unlikely to conflict with general Android development or other security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise security skill that effectively organizes Android hardening guidance into clear categories with appropriate progressive disclosure to a reference file. Its main weakness is the lack of inline executable code examples and missing validation/verification steps for confirming that security configurations are correctly applied.
Suggestions
Add at least one inline executable code snippet per section (e.g., a manifest XML snippet for exported=false, a Kotlin/Java WebView configuration block) to improve actionability.
Include a verification/validation step such as 'Run `./gradlew lint` to check for exported components' or 'Test WebView with a local XSS payload to confirm file access is blocked' to improve workflow clarity for these security-critical changes.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient. It avoids explaining what Intents, WebViews, or FileProviders are, assumes Claude's Android knowledge, and every bullet point delivers actionable security guidance without padding. | 3 / 3 |
Actionability | Provides specific configuration directives (e.g., `android:exported="false"`, `javaScriptEnabled = false`, `EncryptedSharedPreferences`) but lacks executable code examples. The concrete guidance is present as instructions rather than copy-paste ready code snippets, with actual implementation deferred to the reference file. | 2 / 3 |
Workflow Clarity | The skill is organized into clear topical sections with sequenced priorities, but it lacks explicit validation/verification steps. For security hardening—which involves potentially destructive configuration changes—there are no checkpoints to verify that settings are correctly applied or test for regressions. | 2 / 3 |
Progressive Disclosure | The SKILL.md serves as a clear overview with well-signaled, one-level-deep references to `references/implementation.md` for detailed hardening examples. Content is appropriately split between the overview and the reference file. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
metadata_field | 'metadata' should map string keys to string values | Warning |
Total | 9 / 11 Passed | |
- Repository
- HoangNguyen0403/agent-skills-standard
- Commit
4c72e76
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.