
senior-security

tessl i github:alirezarezvani/claude-skills --skill senior-security

Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.

Overall: 54%


Validation

81%
| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |

Total: 13 / 16 Passed

Implementation

7%

This skill is a template shell with no actual security content. It claims to cover threat modeling, penetration testing, and cryptography but provides zero concrete techniques, tools, commands, or methodologies. The content is generic boilerplate that could apply to any domain, with security terms superficially inserted.

Suggestions

Replace placeholder script documentation with actual security tool commands (e.g., specific nmap scans, OWASP ZAP configurations, or threat modeling frameworks like STRIDE with concrete examples)

Add executable code examples for cryptography implementation (e.g., proper key derivation with argon2, secure random generation, authenticated encryption patterns)

Define concrete penetration testing workflows with validation checkpoints (e.g., reconnaissance -> enumeration -> exploitation -> post-exploitation with specific tool commands at each stage)

Remove generic 'Best Practices Summary' and 'Tech Stack' sections entirely—they waste tokens on information Claude already knows and aren't security-specific

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose with generic filler content that adds no security-specific value. Sections like 'Best Practices Summary' contain platitudes Claude already knows ('Write clear code', 'Keep it simple'). The tech stack listing is irrelevant padding for a security skill. | 1 / 3 |
| Actionability | No concrete security guidance whatsoever. Script commands are placeholders with '[options]' and '[arguments]' instead of real parameters. No actual threat modeling methodology, no penetration testing techniques, no cryptography implementation details—just vague feature lists. | 1 / 3 |
| Workflow Clarity | No security workflows are defined. For a skill covering penetration testing and security auditing, there are no validation checkpoints, no attack sequences, no remediation steps. The 'Development Workflow' section is generic npm/pip boilerplate unrelated to security operations. | 1 / 3 |
| Progressive Disclosure | References to external files (references/*.md) are present and one-level deep, which is appropriate structure. However, the main content is still bloated with generic content that should either be removed or moved to references, and the referenced files may not contain substantive content given the quality of the main file. | 2 / 3 |

Total: 5 / 12 Passed

Activation

100%

This is a strong skill description that effectively communicates comprehensive security engineering capabilities with specific actions and clear trigger conditions. It uses appropriate third-person voice, includes natural keywords security professionals would use, and has an explicit 'Use when...' clause that covers the main use cases. The description is well-structured and distinguishable from other potential skills.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'application security, penetration testing, security architecture, compliance auditing, security assessment tools, threat modeling, crypto implementation, security automation' - these are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both what (security engineering capabilities including assessment, testing, architecture, compliance) AND when with explicit 'Use when...' clause covering four distinct trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'security architecture', 'penetration testing', 'security audits', 'cryptography', 'threat modeling', 'compliance auditing' - these are terms security professionals and developers naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear security engineering niche with distinct triggers like 'penetration tests', 'cryptography', 'security audits', 'threat modeling' - unlikely to conflict with general coding or documentation skills. | 3 / 3 |

Total: 12 / 12 Passed
