android-security
Secure data encryption, network configuration, and permissions in Android apps. Use when handling API keys, auth tokens, certificate pinning, EncryptedSharedPreferences, or securing exported components.
87
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope (Android app security), lists specific capabilities, and includes an explicit 'Use when' clause with highly relevant trigger terms. The description is concise, uses third person voice, and covers a well-defined niche that would be easily distinguishable from other skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'data encryption', 'network configuration', 'permissions', and further specifies 'API keys, auth tokens, certificate pinning, EncryptedSharedPreferences, securing exported components'. | 3 / 3 |
Completeness | Clearly answers both 'what' (secure data encryption, network configuration, and permissions in Android apps) and 'when' (explicit 'Use when' clause with specific triggers like handling API keys, auth tokens, certificate pinning, etc.). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'API keys', 'auth tokens', 'certificate pinning', 'EncryptedSharedPreferences', 'exported components', 'encryption', 'permissions', 'Android apps'. These cover common terms developers use when seeking security guidance. | 3 / 3 |
Distinctiveness Conflict Risk | Clearly scoped to Android security specifically, with distinct triggers like 'EncryptedSharedPreferences', 'certificate pinning', and 'exported components' that are unlikely to conflict with general coding or non-Android security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise security standards skill that efficiently communicates key Android security practices without over-explaining. Its main weakness is the lack of inline executable code examples—specific configurations like `network_security_config.xml` snippets or `EncryptedSharedPreferences` setup code would make it more immediately actionable. The progressive disclosure to reference files is well done.
Suggestions
Add at least one inline code snippet for the most critical item (e.g., EncryptedSharedPreferences setup or network_security_config.xml example) so the skill is actionable without requiring navigation to references/implementation.md.
Consider adding a brief verification step or checklist (e.g., 'Verify no cleartext traffic: run `adb shell dumpsys package <pkg> | grep cleartext`') to strengthen workflow clarity for security auditing.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Every line is actionable and specific. No unnecessary explanations of what Android security is or how encryption works—assumes Claude's competence throughout. Bullet points are tight and information-dense. | 3 / 3 |
Actionability | Provides specific API names and configuration attributes (e.g., `cleartextTrafficPermitted="false"`, `android:exported="false"`, `EncryptedSharedPreferences`) but lacks executable code examples. The actual implementation is deferred to `references/implementation.md`, so the skill itself gives direction rather than copy-paste-ready code. | 2 / 3 |
Workflow Clarity | This is more of a checklist/standards document than a multi-step workflow, which is appropriate for the topic. However, there's no sequencing guidance (e.g., when to apply these during development) and no validation steps to verify security configurations are correctly applied. | 2 / 3 |
Progressive Disclosure | The skill is a concise overview with well-signaled one-level-deep references to implementation examples, shared OWASP baselines, and legacy security hardening. Content is appropriately split between the overview and referenced files. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
metadata_field | 'metadata' should map string keys to string values | Warning |
Total | 9 / 11 Passed | |
- Repository
- HoangNguyen0403/agent-skills-standard
- Commit
4c72e76
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.