Secure data encryption, network configuration, and permissions in Android apps. Use when handling API keys, auth tokens, certificate pinning, EncryptedSharedPreferences, or securing exported components.
67
82%: Does it follow best practices?
Impact: No eval scenarios have been run
Passed: No known issues
Quality
Discovery
100%: Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope (Android app security), lists specific capabilities, and includes an explicit 'Use when' clause with concrete trigger terms. The description uses proper third-person voice and covers both domain-specific technical terms and more general security concepts that developers would naturally mention.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'data encryption', 'network configuration', 'permissions', 'API keys', 'auth tokens', 'certificate pinning', 'EncryptedSharedPreferences', 'securing exported components'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (secure data encryption, network configuration, and permissions in Android apps) and 'when' (explicit 'Use when' clause listing specific trigger scenarios like handling API keys, auth tokens, certificate pinning, etc.). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords a developer would use: 'API keys', 'auth tokens', 'certificate pinning', 'EncryptedSharedPreferences', 'encryption', 'permissions', 'Android apps', 'exported components'. Good coverage of both general and specific terms. | 3 / 3 |
| Distinctiveness Conflict Risk | Clearly scoped to Android security specifically, with distinct triggers like 'EncryptedSharedPreferences', 'certificate pinning', and 'exported components' that are unlikely to conflict with general Android development or general security skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
64%: Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-organized, concise security checklist that efficiently communicates key Android security practices without over-explaining. Its main weakness is the lack of executable code examples—particularly for EncryptedSharedPreferences setup and network_security_config.xml—which limits actionability. The referenced implementation file doesn't exist in the bundle, undermining the progressive disclosure structure.
Suggestions
Add a concrete, copy-paste-ready code example for EncryptedSharedPreferences initialization and a sample network_security_config.xml template to improve actionability.
Include a verification step for at least one security measure (e.g., 'Test HTTPS enforcement by attempting a cleartext request and confirming it fails').
Provide the referenced `references/implementation.md` file with setup examples, or remove the reference if the bundle won't include it.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Every line is actionable and dense. No unnecessary explanations of what Android security is or how encryption works—assumes Claude already knows these concepts. Each bullet earns its place. | 3 / 3 |
| Actionability | Provides specific API names and configuration attributes (e.g., `cleartextTrafficPermitted="false"`, `android:exported="false"`, `EncryptedSharedPreferences`) but lacks executable code examples. For a security skill involving encryption setup and network config, concrete code snippets (e.g., EncryptedSharedPreferences initialization, network_security_config.xml template) would significantly improve actionability. | 2 / 3 |
| Workflow Clarity | Guidelines are clearly categorized (Data Storage, Network, Component Export, Anti-Patterns) but there's no sequenced workflow or validation steps. For security-critical operations like configuring encryption or certificate pinning, explicit verification steps (e.g., 'verify HTTPS enforcement by testing with HTTP URL') would be valuable. | 2 / 3 |
| Progressive Disclosure | References to implementation examples and related skills are well-structured and one-level deep. However, the bundle has no files, so `references/implementation.md` doesn't exist, and the cross-skill references (`common/common-security-standards`, `android/android-legacy-security`) cannot be verified. The overview itself is appropriately concise for a top-level file. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
81%: Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata.version' is missing | Warning |
| metadata_field | 'metadata' should map string keys to string values | Warning |
| Total | 9 / 11 Passed | |
3df717f