
security-scan

Uses AgentShield to scan Claude Code settings (the .claude/ directory) for security vulnerabilities, misconfigurations, and injection risks. Checks CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

Install with Tessl CLI

npx tessl i github:affaan-m/everything-claude-code --skill security-scan

Discovery

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description excels at specificity and distinctiveness, clearly identifying the tool (AgentShield), target directory (.claude/), and specific files to check. However, it lacks explicit trigger guidance ('Use when...') and could benefit from more natural user-facing keywords that would help Claude recognize when users need security scanning.

Suggestions

Add a 'Use when...' clause with trigger terms like 'セキュリティチェック', 'security audit', 'scan config', 'check for vulnerabilities'

Include common user phrases such as '設定を確認', 'audit my Claude setup', or 'check for injection risks' to improve trigger term coverage

Dimension / Reasoning / Score

Specificity (3 / 3): Lists multiple specific concrete actions: scanning security vulnerabilities, configuration errors, and injection risks. Also specifies exact targets: CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

Completeness (2 / 3): Clearly answers 'what' (scan for security vulnerabilities, misconfigurations, injection risks in Claude Code settings) but lacks an explicit 'Use when...' clause or equivalent trigger guidance for when Claude should select this skill.

Trigger Term Quality (2 / 3): Includes relevant technical terms like 'AgentShield', '.claude/', 'CLAUDE.md', 'settings.json', 'MCP servers' but lacks common user-facing trigger terms. Users might say 'security check', 'audit config', or 'scan for vulnerabilities', which aren't explicitly covered.

Distinctiveness Conflict Risk (3 / 3): Highly distinctive with a clear niche: specifically targets Claude Code configuration security via AgentShield. The combination of 'AgentShield', '.claude/ directory', and specific file types makes it unlikely to conflict with other skills.

Total: 10 / 12 (Passed)

Implementation

87%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, actionable skill that efficiently documents AgentShield usage for Claude Code security scanning. The content is concise with excellent use of tables and executable examples. The main weakness is the lack of explicit validation workflows, particularly around the --fix flag which modifies files without a clear verify-then-commit process.

Suggestions

Add a validation workflow for --fix: recommend running scan without --fix first, reviewing findings, then applying fixes and re-scanning to verify

Include a checkpoint before committing: 'After running --fix, verify changes with git diff and re-run scan to confirm grade improvement'

Dimension / Reasoning / Score

Conciseness (3 / 3): Content is lean and efficient, using tables for structured information and avoiding unnecessary explanations. Every section serves a clear purpose without explaining concepts Claude already knows.

Actionability (3 / 3): Provides fully executable bash commands throughout, with copy-paste ready examples for scanning, output formats, auto-fix, and CI integration. The GitHub Action YAML is complete and usable.

Workflow Clarity (2 / 3): While individual commands are clear, the skill lacks explicit validation checkpoints and feedback loops. For security scanning (a potentially risky operation with --fix), there's no verify-before-commit workflow or rollback guidance.

Progressive Disclosure (3 / 3): Well-organized with clear sections progressing from basic to advanced usage. Tables efficiently summarize scan targets and severity levels. External links are provided for deeper documentation without nested references.

Total: 11 / 12 (Passed)

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.
