CtrlK
BlogDocsLog inGet started
Tessl Logo

security-scan

AgentShield を使用して、Claude Code の設定(.claude/ ディレクトリ)のセキュリティ脆弱性、設定ミス、インジェクションリスクをスキャンします。CLAUDE.md、settings.json、MCP サーバー、フック、エージェント定義をチェックします。

85

2.25x
Quality

Does it follow best practices?

Impact

97%

2.25x

Average score across 3 eval scenarios

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A well-structured, highly actionable CLI-wrapper skill with concrete commands throughout, but it is somewhat verbose and lacks explicit validation checkpoints around the destructive auto-fix workflow.

Suggestions

Consolidate the repeated `npx ecc-agentshield scan` invocations into one flag reference to reduce token redundancy.

Add an explicit validation/review checkpoint before and after `--fix` (e.g., re-scan after fixing and review the diff) since it mutates configuration.

Trim the 'これにより以下が実行されます' enumerations under each command to one-line summaries.

DimensionReasoningScore

Conciseness

The body is mostly executable commands and tables that earn their place, but it repeats `npx ecc-agentshield scan` across several sections and includes 'これにより以下が実行されます' enumerations that could be tightened.

2 / 3

Actionability

It provides copy-paste-ready, fully executable commands (`npx ecc-agentshield scan --format json`, `--fix`, `--opus --stream`, `init`) plus a concrete GitHub Action YAML and install commands.

3 / 3

Workflow Clarity

Sections are clearly organized and the Opus pipeline lists three steps, but the destructive `--fix` path has no validation/review checkpoint and the skill reads as a command catalog rather than a sequenced workflow with feedback loops.

2 / 3

Progressive Disclosure

As a CLI-wrapper skill it appropriately keeps everything in a single well-organized file with clear headers and tables; no external references are needed and navigation is easy via section headings.

3 / 3

Total

10

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, distinctive description with strong natural trigger terms and concrete targets, but it omits an explicit 'when to use' clause, leaving the trigger timing implied rather than stated.

Suggestions

Add a 'Use when...' sentence stating when to invoke the skill, e.g., '新規プロジェクトのセットアップ時や .claude/ 設定変更後にセキュリティを監査する際に使用します。'

Include a couple of common trigger variations (監査/audit, セキュリティチェック) users might say alongside スキャン.

DimensionReasoningScore

Specificity

It lists multiple concrete actions and targets — scanning vulnerabilities, misconfigurations, and injection risks across CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

3 / 3

Completeness

It clearly answers what the skill does, but there is no 'Use when...' clause or equivalent explicit trigger guidance, which caps completeness at 2 per the judging guidelines.

2 / 3

Trigger Term Quality

It uses natural terms a user would say when requesting a security audit: セキュリティ脆弱性, 設定ミス, インジェクションリスク, スキャン, plus concrete config filenames (CLAUDE.md, settings.json, MCP).

3 / 3

Distinctiveness Conflict Risk

It carves a clear niche — AgentShield-based security auditing of Claude Code's .claude/ configuration — with distinct triggers unlikely to conflict with other skills.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
affaan-m/everything-claude-code
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.