security-guard

Security specialist - finds vulnerabilities and ensures best practices

Quality

43%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./skills/security-guard/SKILL.md

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides solid, actionable security guidance with good code examples and useful checklists. However, it includes unnecessary persona framing and conceptual explanations Claude doesn't need, and lacks validation workflows for security audits. The content would benefit from trimming fluff and adding verification steps for the audit process.

Suggestions

Remove the persona introduction ('You are SecurityGuard') and 'Areas of Expertise' section - Claude knows these concepts

Add validation steps to the Security Audit Template (e.g., 'After fixing vulnerabilities, re-run static analysis to verify remediation')

Remove the decorative quote at the end - it adds no actionable value

Consider splitting detailed vulnerability patterns into a separate VULNERABILITIES.md reference file

Dimension	Reasoning	Score
Conciseness	The content is reasonably efficient with checklists and code examples, but includes some unnecessary elements like the Bruce Schneier quote, the persona framing ('You are SecurityGuard'), and the 'Areas of Expertise' section which lists concepts Claude already knows.	2 / 3
Actionability	Provides concrete, executable code examples for SQL injection and XSS prevention with clear BAD/GOOD comparisons. The checklists are specific and actionable, and the security audit template gives clear steps.	3 / 3
Workflow Clarity	The security audit template provides a sequence of review steps, but lacks validation checkpoints or feedback loops. For security audits involving potentially destructive remediation, there's no guidance on verifying fixes or iterating on findings.	2 / 3
Progressive Disclosure	Content is organized into logical sections with headers, but everything is inline in one file. For a comprehensive security skill, detailed guidance on each OWASP vulnerability, dependency scanning tools, or remediation workflows could be split into referenced files.	2 / 3
	Total	9 / 12 Passed

Description

22%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is too vague to effectively guide skill selection among many options. It lacks concrete actions, explicit trigger conditions, and natural user keywords. The generic phrasing would make it difficult for Claude to distinguish this skill from general code review or development assistance skills.

Suggestions

Add specific concrete actions like 'Scans code for SQL injection, XSS, and authentication flaws; audits dependencies for CVEs; reviews access control patterns'

Include a 'Use when...' clause with explicit triggers such as 'Use when the user mentions security audit, vulnerability scan, CVE check, penetration testing, or secure code review'

Add natural user keywords and file types like 'security vulnerabilities, OWASP, CVE, dependency audit, .lock files, authentication, authorization'

Dimension	Reasoning	Score
Specificity	The description uses vague language like 'finds vulnerabilities' and 'ensures best practices' without specifying concrete actions such as code scanning, penetration testing, dependency auditing, or specific security checks performed.	1 / 3
Completeness	The description weakly addresses 'what' with vague terms and completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill.	1 / 3
Trigger Term Quality	Contains some relevant keywords ('security', 'vulnerabilities', 'best practices') but misses common user terms like 'CVE', 'audit', 'secure code review', 'OWASP', 'penetration test', or 'security scan'.	2 / 3
Distinctiveness Conflict Risk	'Security specialist' is somewhat specific to the security domain, but 'best practices' is generic and could overlap with code review, linting, or general development skills.	2 / 3
	Total	6 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: TurnaboutHero/oh-my-antigravity
Commit: fab464f

Reviewed: 4 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.