Comprehensive AI security verification using OWASP AI Security Verification Standard (AISVS) framework. Provides structured checklist to verify security and ethical considerations across 13 categories of AI-driven applications, from training data governance to human oversight.
57
36%
Does it follow best practices?
Impact
98%
1.06x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./.claude/skills/ai-security-verification/SKILL.md`
Quality
Discovery
57%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear and distinctive niche (OWASP AISVS-based AI security verification) and provides moderate specificity about what it covers. However, it lacks an explicit 'Use when...' clause which caps completeness, and the trigger terms could be broader to capture more natural user phrasings. The description reads more like a summary than a selection guide.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about AI security audits, AI application security reviews, OWASP AISVS compliance, or verifying security of machine learning systems.'
Include more natural trigger term variations such as 'AI safety', 'ML security', 'model security audit', 'AI compliance checklist', 'AI risk assessment' to improve discoverability.
List more concrete actions beyond 'provides structured checklist', e.g., 'Evaluates training data governance, assesses model robustness, reviews access controls, checks bias mitigation, verifies human oversight mechanisms.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (AI security verification) and references the OWASP AISVS framework with some specifics like '13 categories' and mentions training data governance and human oversight, but doesn't list multiple concrete actions beyond 'provides structured checklist to verify'. | 2 / 3 |
| Completeness | The 'what' is reasonably covered (structured checklist for AI security verification across 13 categories), but there is no explicit 'Use when...' clause or equivalent trigger guidance telling Claude when to select this skill. | 2 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'OWASP', 'AISVS', 'AI security', 'training data governance', 'human oversight', but misses common user-facing variations like 'AI safety', 'model security audit', 'ML security', 'AI compliance', or 'security checklist'. | 2 / 3 |
| Distinctiveness Conflict Risk | The OWASP AISVS framework is a very specific niche, and the combination of AI security verification with a structured checklist approach makes this clearly distinguishable from other skills with minimal conflict risk. | 3 / 3 |
| Total | 9 / 12 Passed | |
Implementation
14%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads as a high-level table of contents for the OWASP AISVS framework rather than an actionable skill. It lacks concrete verification steps, specific checks or questions to ask, example findings, and any executable guidance. The 13 categories are described at such a high level of abstraction that Claude would need to rely entirely on its own knowledge to perform any actual assessment, making the skill largely redundant.
Suggestions
Add concrete, specific verification checks under each category (e.g., 'Verify that training data sources are documented with provenance metadata' rather than 'Assess data quality, provenance, bias detection').
Provide an example finding using the referenced `templates/finding.md` format so Claude knows exactly what output to produce, and either include the template in a bundle or inline the format.
Create supporting reference files for each of the 13 categories with detailed checklists of specific items to verify, and link to them from the main SKILL.md.
Add a workflow section explaining how to sequence the assessment — e.g., what to do first, how to scope the assessment, when to escalate findings, and how to validate that checks were performed correctly.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is moderately efficient but includes some unnecessary verbosity in the category descriptions. The brief summaries after each category (e.g., 'Assess data quality, provenance, bias detection, and governance controls throughout the data lifecycle') are somewhat generic and don't add much actionable value beyond the category name itself. | 2 / 3 |
| Actionability | The skill is almost entirely abstract and descriptive. It lists categories to 'assess,' 'evaluate,' 'review,' 'examine,' and 'verify' but provides no concrete guidance on HOW to perform any of these assessments — no specific checks, no commands, no code, no checklists with actual verification items, no example findings. It describes rather than instructs. | 1 / 3 |
| Workflow Clarity | While the 13 categories are numbered, there is no actual workflow — no sequencing logic, no validation checkpoints, no feedback loops, and no guidance on how to proceed through the assessment. The steps are really just a list of topics, not a process with clear actions and decision points. | 1 / 3 |
| Progressive Disclosure | The skill references `templates/finding.md` but no bundle files are provided, making this a broken reference. There are no supporting files for the 13 detailed categories, which desperately need deeper content. Each category could benefit from its own reference file with actual checklists, but none exist. The OWASP references section lists documents without links or actionable pointers. | 1 / 3 |
| Total | 5 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| Total | 10 / 11 Passed | |
3f4fcb6