
security-scan

Uses AgentShield to scan the Claude Code configuration (the .claude/ directory) for security vulnerabilities, misconfigurations, and injection risks. It checks CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

Score: 82

Quality: 73% (does it follow best practices?)

Impact: 97% (2.25x; average score across 3 eval scenarios)

Security (by Snyk): Advisory. Suggest reviewing before use.

Optimize this skill with Tessl

npx tessl skill review --optimize ./docs/ja-JP/skills/security-scan/SKILL.md

Quality

Discovery: 82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description with excellent specificity and distinctiveness, clearly identifying the tool (AgentShield), the target (.claude/ directory), and the specific checks performed. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The Japanese language is appropriate if the target audience is Japanese-speaking users.

Suggestions

Add an explicit 'Use when...' clause, e.g. (in Japanese): 'Use when: the user asks for a security check of the Claude Code configuration, an audit of the .claude/ directory, or verification that MCP servers or hooks are safe.'

Dimension (score): reasoning

Specificity (3 / 3): Lists multiple specific concrete actions: scanning for security vulnerabilities, configuration errors, and injection risks. Also specifies concrete targets: CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

Completeness (2 / 3): Clearly answers 'what does this do' (scan Claude Code configuration for security issues), but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the description of capabilities.

Trigger Term Quality (3 / 3): Includes strong natural trigger terms that users would say: 'AgentShield', 'セキュリティ脆弱性' (security vulnerabilities), '設定ミス' (misconfiguration), 'インジェクションリスク' (injection risk), '.claude/', 'CLAUDE.md', 'settings.json', 'MCP サーバー', 'フック' (hooks). Good coverage of relevant keywords.

Distinctiveness / Conflict Risk (3 / 3): Very distinct niche: specifically targets Claude Code's .claude/ directory configuration security. The combination of AgentShield, Claude Code settings, and security scanning creates a clear, unique identity unlikely to conflict with other skills.

Total: 11 / 12 (Passed)

Implementation: 64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides strong actionable guidance with executable commands covering all major use cases of AgentShield. Its main weaknesses are the lack of an explicit scan-fix-verify workflow loop (important for a tool that modifies security configurations) and some verbosity in sections that explain what the tool's output already communicates. The content would benefit from a clearer end-to-end workflow and better progressive disclosure.

Suggestions

Add an explicit end-to-end workflow with validation: scan → review findings → apply fixes (--fix) → re-scan to verify grade improved → commit, with a checkpoint to abort if critical findings remain after fix.

Move the detailed 'Interpreting results' (結果の解釈) section to a separate FINDINGS_GUIDE.md reference file, keeping only a brief summary in the main skill.

Remove or condense the 'When to run' (起動タイミング) section: Claude can infer when security scans are appropriate without an explicit trigger list.

Dimension (score): reasoning

Conciseness (2 / 3): The skill is mostly efficient with good table-based summaries, but includes some unnecessary sections, such as the detailed 'Scan targets' (スキャン対象) table and the extensive 'Interpreting results' (結果の解釈) section, that explain what the tool already reports. The 'When to run' (起動タイミング) section is also somewhat redundant, as Claude can infer when to run security scans.

Actionability (3 / 3): Provides fully executable, copy-paste-ready commands for every operation: scanning, output formatting, auto-fix, deep analysis, initialization, and CI integration. The GitHub Action YAML snippet and all CLI commands are concrete and complete.

Workflow Clarity (2 / 3): While individual commands are clear, there is no explicit end-to-end workflow with validation checkpoints. For a security scanning tool that can auto-fix files (--fix), there should be a clear sequence such as: scan → review findings → fix → re-scan to verify. The Opus pipeline has numbered steps, but the overall scan-fix-verify loop is missing.

Progressive Disclosure (2 / 3): Content is well organized with clear headers and tables, but it is a monolithic document with no bundle files. The detailed severity interpretations and finding categories could be split into a separate reference file. For a skill of this length (~130 lines), content such as the full findings interpretation guide would benefit from being in a separate file.

Total: 9 / 12 (Passed)

Validation: 100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 passed

Validation for skill structure

No warnings or errors.

Repository: affaan-m/everything-claude-code (Reviewed)
