android-security

Secure data encryption, network configuration, and permissions in Android apps. Use when handling API keys, auth tokens, certificate pinning, EncryptedSharedPreferences, or securing exported components.

67

Quality

82%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues


Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a concise, well-structured security checklist that efficiently covers key Android security domains without over-explaining. Its main weaknesses are the lack of executable code examples (relying on references that don't exist in the bundle) and the absence of validation/verification steps for the security configurations it recommends. Adding concrete code snippets and the referenced bundle files would significantly improve its utility.

Suggestions

Add executable code examples for key recommendations—e.g., a complete EncryptedSharedPreferences setup snippet and a network_security_config.xml template.

Include verification steps: how to confirm HTTPS enforcement is active, how to test that exported components are properly restricted (e.g., adb commands or test approaches).

Provide the referenced bundle files (references/implementation.md, etc.) or inline the most critical examples if the bundle is not available.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Every line is actionable and dense. No unnecessary explanations of what Android security is or how encryption works—assumes Claude's competence. Each bullet earns its place. | 3 / 3 |
| Actionability | Provides specific API names and configuration attributes (e.g., `cleartextTrafficPermitted="false"`, `android:exported="false"`, `EncryptedSharedPreferences`) but lacks executable code examples. Guidance like 'Use Android Keystore System' and 'Consider Certificate Pinning' is directional rather than copy-paste ready. References to implementation examples could fill this gap but the bundle files are missing. | 2 / 3 |
| Workflow Clarity | The skill is organized by security domain (storage, network, components, anti-patterns) which provides clear categorization, but there's no sequenced workflow or validation steps. For a security skill involving configuration changes to manifests and XML files, explicit verification steps (e.g., how to confirm HTTPS enforcement is working, how to test exported component settings) would strengthen this. | 2 / 3 |
| Progressive Disclosure | References to `references/implementation.md`, `common-security-standards`, and `android-legacy-security` show good intent for progressive disclosure, but no bundle files are provided to back them up. The references are well-signaled and one-level deep, but without the actual files, the navigation promise is unfulfilled. | 2 / 3 |

Total: 9 / 12, Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly defines its scope (Android app security), lists concrete capabilities, and provides explicit trigger terms via a 'Use when' clause. The trigger terms are highly specific to the Android security domain, making it both easy to match and unlikely to conflict with other skills.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'data encryption', 'network configuration', 'permissions', and further specifies 'API keys, auth tokens, certificate pinning, EncryptedSharedPreferences, securing exported components'. | 3 / 3 |
| Completeness | Clearly answers both 'what' (secure data encryption, network configuration, and permissions in Android apps) and 'when' (explicit 'Use when' clause with specific trigger scenarios like handling API keys, auth tokens, certificate pinning, etc.). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'API keys', 'auth tokens', 'certificate pinning', 'EncryptedSharedPreferences', 'exported components', 'encryption', 'permissions', 'Android'. These cover common terms developers use when dealing with Android security. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Android security specifically. Terms like 'EncryptedSharedPreferences', 'certificate pinning', and 'exported components' are very specific to Android security and unlikely to conflict with general coding or other platform skills. | 3 / 3 |

Total: 12 / 12, Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| metadata_version | 'metadata.version' is missing | Warning |
| metadata_field | 'metadata' should map string keys to string values | Warning |

Total: 9 / 11, Passed

Repository
HoangNguyen0403/agent-skills-standard
Reviewed
