CtrlK
BlogDocsLog inGet started
Tessl Logo

android-legacy-security

Harden Intent handling, WebView configuration, and FileProvider access in Android apps. Use when securing Intent extras, configuring WebViews, or exposing files via FileProvider.

64

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A concise, well-structured skill body that resists verbosity and uses progressive disclosure effectively. Its weaknesses are the absence of inline executable code and the lack of explicit validation/verification checkpoints for the security changes it prescribes.

Suggestions

Add one minimal inline code snippet per section (e.g., a 3-line WebView settings block or a FileProvider manifest snippet) so the most common actions are copy-paste ready without opening the reference.

Include an explicit verification checkpoint — e.g., 'After changes, grep the manifest for exported="true" components and confirm each is intentional' or a lint/security-test command — to close the validate→fix→retry loop for these risky edits.

Add a short ordering note (manifest lockdown → WebView config → FileProvider review) so the three sections read as a sequenced hardening pass rather than parallel checklists.

DimensionReasoningScore

Conciseness

Lean bullet lists with no padding or explanation of basic concepts; every line states a concrete hardening action and assumes Claude's competence.

3 / 3

Actionability

Concrete guidance is present (specific flags like javaScriptEnabled=false, resolveActivity checks, content:// URIs) but the body contains no executable code — all snippets are deferred to references/implementation.md, leaving key implementation details incomplete inline.

2 / 3

Workflow Clarity

Three numbered sections list actions, but there is no explicit sequence or validate→fix→retry checkpoint for these risky security changes; the Anti-Patterns section states rules rather than a verification loop.

2 / 3

Progressive Disclosure

Clear, well-organized overview with one-level-deep references to a real references/implementation.md file, signaled inline three times; content is appropriately split between overview and detail.

3 / 3

Total

10

/

12

Passed

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, specific description with an explicit 'Use when' trigger clause and a well-defined Android-security niche. The only weak spot is trigger-term quality, which relies on technical SDK terms rather than the more natural phrasings a user might actually say.

Suggestions

Add natural-language trigger variations alongside the SDK jargon (e.g., 'securing my Android app's WebViews', 'sharing files safely without file:// URIs', 'preventing Intent hijacking') so the description matches what users actually say.

Consider mentioning 'AndroidManifest.xml hardening' or 'exported component' checks as a trigger term, since manifest lockdown is a core capability users may request.

DimensionReasoningScore

Specificity

Lists multiple specific concrete actions — 'Harden Intent handling, WebView configuration, and FileProvider access' and 'securing Intent extras, configuring WebViews, or exposing files via FileProvider' — rather than vague language.

3 / 3

Completeness

Explicitly answers both what it does and when to use it via the 'Use when securing Intent extras, configuring WebViews, or exposing files via FileProvider' clause.

3 / 3

Trigger Term Quality

Includes relevant terms (Intent, WebView, FileProvider, Intent extras) but these lean toward SDK jargon and miss common natural-language variations a user might say, so it is not full coverage.

2 / 3

Distinctiveness Conflict Risk

Targets a clear Android-security niche with triggers tied to specific SDK components (FileProvider, WebView, Intent extras), making overlap with unrelated skills unlikely.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_version

'metadata.version' is missing

Warning

metadata_field

'metadata' should map string keys to string values

Warning

Total

14

/

16

Passed

Repository
HoangNguyen0403/agent-skills-standard
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.