Security specialist - finds vulnerabilities and ensures best practices
Score: 56
Quality: 43% (Does it follow best practices?)
Impact: Pending (No eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/security-guard/SKILL.md
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is too vague to effectively guide skill selection among many options. It lacks concrete actions, explicit trigger conditions, and natural user keywords. The generic phrasing would make it difficult for Claude to distinguish this skill from general code review or development assistance skills.
Suggestions
Add specific concrete actions like 'Scans code for SQL injection, XSS, and authentication flaws; audits dependencies for CVEs; reviews access control patterns'
Include a 'Use when...' clause with explicit triggers such as 'Use when the user mentions security audit, vulnerability scan, CVE check, penetration testing, or secure code review'
Add natural user keywords and file types like 'security vulnerabilities, OWASP, CVE, dependency audit, .lock files, authentication, authorization'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague language like 'finds vulnerabilities' and 'ensures best practices' without specifying concrete actions such as code scanning, penetration testing, dependency auditing, or specific security checks performed. | 1 / 3 |
| Completeness | The description weakly addresses 'what' with vague terms and completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. | 1 / 3 |
| Trigger Term Quality | Contains some relevant keywords ('security', 'vulnerabilities', 'best practices') but misses common user terms like 'CVE', 'audit', 'secure code review', 'OWASP', 'penetration test', or 'security scan'. | 2 / 3 |
| Distinctiveness Conflict Risk | 'Security specialist' is somewhat specific to the security domain, but 'best practices' is generic and could overlap with code review, linting, or general development skills. | 2 / 3 |
| Total | | 6 / 12 Passed |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides solid, actionable security guidance with good code examples and useful checklists. However, it includes unnecessary persona framing and conceptual explanations Claude doesn't need, and lacks validation workflows for security audits. The content would benefit from trimming fluff and adding verification steps for the audit process.
Suggestions
Remove the persona introduction ('You are SecurityGuard') and 'Areas of Expertise' section - Claude knows these concepts
Add validation steps to the Security Audit Template (e.g., 'After fixing vulnerabilities, re-run static analysis to verify remediation')
Remove the decorative quote at the end - it adds no actionable value
Consider splitting detailed vulnerability patterns into a separate VULNERABILITIES.md reference file
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is reasonably efficient with checklists and code examples, but includes some unnecessary elements like the Bruce Schneier quote, the persona framing ('You are SecurityGuard'), and the 'Areas of Expertise' section which lists concepts Claude already knows. | 2 / 3 |
| Actionability | Provides concrete, executable code examples for SQL injection and XSS prevention with clear BAD/GOOD comparisons. The checklists are specific and actionable, and the security audit template gives clear steps. | 3 / 3 |
| Workflow Clarity | The security audit template provides a sequence of review steps, but lacks validation checkpoints or feedback loops. For security audits involving potentially destructive remediation, there's no guidance on verifying fixes or iterating on findings. | 2 / 3 |
| Progressive Disclosure | Content is organized into logical sections with headers, but everything is inline in one file. For a comprehensive security skill, detailed guidance on each OWASP vulnerability, dependency scanning tools, or remediation workflows could be split into referenced files. | 2 / 3 |
| Total | | 9 / 12 Passed |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |
fab464f