CtrlK
BlogDocsLog inGet started
Tessl Logo

security-review

認証の追加、ユーザー入力の処理、シークレットの操作、APIエンドポイントの作成、支払い/機密機能の実装時にこのスキルを使用します。包括的なセキュリティチェックリストとパターンを提供します。

66

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable security reference with strong executable FAIL/PASS examples and per-section verification checklists. Its weaknesses are length/duplication (the deploy checklist repeats per-section checks) and a fully monolithic structure with no progressive disclosure into reference files.

Suggestions

De-duplicate by making the per-section '検証ステップ' the canonical checks and reducing the final 'デプロイ前セキュリティチェックリスト' to a short pointer/gate rather than re-listing every item.

Split the monolithic file: keep SKILL.md as a concise overview with the trigger list and quick reference, and move per-category deep-dives into reference files (e.g., references/auth.md, references/secrets.md) linked one level deep.

Add a brief sequenced review workflow with a validation feedback loop (review → run checks → fix → re-verify) so the checklists form an ordered process rather than a parallel list.

DimensionReasoningScore

Conciseness

The body is mostly lean, executable code and checklists without explaining concepts Claude already knows, but at ~490 lines the final 'デプロイ前セキュリティチェックリスト' substantially duplicates the per-section '検証ステップ' checklists and the intro sentence is mild fluff — 'mostly efficient but could be tightened', not the lean anchor at 3.

2 / 3

Actionability

Provides fully executable TypeScript/SQL/bash examples with explicit FAIL/PASS pairs and concrete commands (npm audit, npm ci, parameterized queries), matching the 'fully executable, copy-paste ready' anchor rather than the pseudocode anchor at 2.

3 / 3

Workflow Clarity

Each section has explicit '検証ステップ' checkboxes and a consolidated pre-deploy gate, but there is no sequenced review process or error-recovery feedback loop (no 'if check fails, fix and re-verify'), fitting 'steps/checkpoints present but sequence implicit' rather than the full feedback-loop anchor at 3.

2 / 3

Progressive Disclosure

Content is well-organized into 10 numbered sections but everything is inline in one ~490-line file with no references/scripts/assets bundle files, so content that should be split (per-category deep-dive, full checklist) is inline — the 'could be better organized, content that should be separate is inline' anchor rather than a monolithic wall at 1 or a well-split overview at 3.

2 / 3

Total

9

/

12

Passed

Description

92%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong description with explicit what/when structure and natural, concrete trigger terms. The main weakness is some overlap risk with general code-review skills and a mild over-claim ('包括的な') in the deliverable clause.

Suggestions

Tighten the 'what' clause — replace '包括的な' (comprehensive, a mild over-claim) with a more concrete deliverable statement.

Narrow distinctiveness by naming a specific artifact scope (e.g., 'Next.js/Supabase web app security review') to reduce overlap with generic code-review skills.

DimensionReasoningScore

Specificity

Lists multiple concrete trigger actions — '認証の追加、ユーザー入力の処理、シークレットの操作、APIエンドポイントの作成、支払い/機密機能の実装' — alongside a concrete deliverable ('包括的なセキュリティチェックリストとパターンを提供'), matching the 'lists multiple specific concrete actions' anchor rather than the vague single-action anchor at 2.

3 / 3

Completeness

Explicitly states both what ('包括的なセキュリティチェックリストとパターンを提供します') and when ('…実装時にこのスキルを使用します'), with an explicit 'Use when…' style clause, so it is not capped at 2.

3 / 3

Trigger Term Quality

Natural developer phrasing is well covered — adding authentication, processing user input, handling secrets, creating API endpoints, implementing payments — terms a user would actually say, matching the 'good coverage of natural terms' anchor.

3 / 3

Distinctiveness Conflict Risk

The triggers are security-specific, but 'security review' is a broad cross-cutting concern that could overlap with general code-review or scanning skills, fitting 'somewhat specific but could still overlap' rather than the clearly-niche anchor at 3.

2 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
affaan-m/everything-claude-code
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.