android-security
Secure Data Encryption, Network Security, and Permissions on Android. Use when handling API keys, auth tokens, cleartext traffic, android:exported, EncryptedSharedPreferences, certificate pinning, or root detection — even if the user just asks 'is this secure'. (triggers: network_security_config.xml, AndroidManifest.xml, EncryptedSharedPreferences, cleartextTrafficPermitted, intent-filter, api key, token storage, certificate pinning, root detection, secure storage)
89
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its scope (Android security), lists concrete capabilities, and provides comprehensive trigger terms covering both technical identifiers and natural language queries. The explicit 'Use when...' clause with the additional parenthetical triggers list ensures Claude can reliably select this skill. The description is well-structured, concise, and highly distinctive.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and concepts: data encryption, network security, permissions, API keys, auth tokens, cleartext traffic, certificate pinning, root detection, EncryptedSharedPreferences. These are all concrete, identifiable security domains on Android. | 3 / 3 |
Completeness | Clearly answers both 'what' (secure data encryption, network security, and permissions on Android) and 'when' (explicit 'Use when...' clause with detailed triggers, plus a parenthetical list of trigger terms). Also covers the edge case of vague user queries like 'is this secure'. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms including both technical identifiers (network_security_config.xml, AndroidManifest.xml, EncryptedSharedPreferences, cleartextTrafficPermitted) and natural language terms users would say ('api key', 'token storage', 'is this secure', 'certificate pinning', 'root detection', 'secure storage'). | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Android-specific security concerns. The combination of Android platform + security domain + specific technical artifacts (AndroidManifest.xml, network_security_config.xml, EncryptedSharedPreferences) makes it very unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise security checklist that effectively uses progressive disclosure to keep the main skill lean while pointing to detailed references. Its main weakness is the lack of any inline executable code snippets (e.g., EncryptedSharedPreferences setup, network_security_config.xml template) and the absence of verification/validation steps for security configurations.
Suggestions
Add at least one minimal executable code snippet inline, such as an EncryptedSharedPreferences initialization or a network_security_config.xml template, so the skill is immediately actionable without navigating to references.
Add verification steps for key security configurations (e.g., 'Test cleartext blocking: adb shell am start -a android.intent.action.VIEW -d http://example.com' or 'Verify exported components: aapt dump xmltree app.apk AndroidManifest.xml | grep exported').
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Very lean and efficient. Every line delivers actionable security guidance without explaining what Android, HTTPS, or keystores are. No unnecessary padding or concept explanations. | 3 / 3 |
Actionability | Provides specific API names and configuration attributes (EncryptedSharedPreferences, network_security_config.xml, android:exported), but lacks executable code examples. The actual implementation is deferred to references/implementation.md rather than shown inline with at least a minimal snippet. | 2 / 3 |
Workflow Clarity | The content is organized by security domain (storage, network, components) which is clear, but there's no sequenced workflow or validation steps. For a security skill, verification steps (e.g., how to confirm cleartext is blocked, how to test exported components) would strengthen this significantly. | 2 / 3 |
Progressive Disclosure | Clean overview with well-signaled one-level-deep references to implementation examples, shared OWASP baselines, and legacy security hardening. Content is appropriately split between the overview and referenced files. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- HoangNguyen0403/agent-skills-standard
- Commit
19a1140
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.