harden

VPS security auditing and hardening

Quality

43%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./src/skills/bundled/harden/SKILL.md

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill is well-organized and concise, with clear command structures and a useful security checks reference table. However, it lacks executable implementation details (actual SSH commands, scripts, or code) that Claude would need to perform these operations, and critically missing validation/rollback steps for operations that could lock users out of their servers.

Suggestions

Add executable code or SSH command sequences for each operation (e.g., the actual `ufw` commands, `sshd_config` edits, `apt` commands) so Claude can perform the hardening rather than just knowing the command interface.

Add explicit validation checkpoints after risky operations—especially 'verify SSH access still works before closing current session' after SSH config changes and firewall enablement.

Include a rollback/recovery section for when hardening steps go wrong (e.g., firewall locks out the user), since these are destructive operations on remote servers.

Dimension	Reasoning	Score
Conciseness	The content is lean and well-structured. No unnecessary explanations of what SSH, firewalls, or fail2ban are. Every section earns its place with tables and concise bullet points.	3 / 3
Actionability	The commands and options are clearly specified, but there's no actual executable code showing how these commands are implemented—no SSH commands, no bash scripts, no Python code. It describes what the commands do but doesn't show the underlying implementation Claude would need to execute them.	2 / 3
Workflow Clarity	The commands imply a workflow (audit → fix → report), and the emergency command has a clear sequence. However, there are no explicit validation checkpoints or feedback loops—e.g., no 'verify SSH still works after changing config' step, which is critical for destructive/lockout-risk operations like firewall and SSH hardening.	2 / 3
Progressive Disclosure	The content is reasonably organized with clear sections and tables, but everything is in one file with no references to deeper documentation. The security checks table and fix details could benefit from linking to more detailed guides for each hardening area.	2 / 3
	Total	9 / 12 Passed

Description

22%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is too terse and vague to effectively guide skill selection. It names a domain but lacks concrete actions, natural trigger term variations, and any explicit 'Use when...' guidance. It would benefit significantly from listing specific capabilities and adding trigger conditions.

Suggestions

Add specific concrete actions such as 'Checks firewall configurations, audits SSH settings, reviews user permissions, identifies open ports, configures fail2ban, disables root login'.

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about securing a VPS, server hardening, Linux security audit, firewall setup, or SSH configuration'.

Include natural trigger term variations like 'server security', 'Linux hardening', 'firewall rules', 'SSH lockdown', 'vulnerability check', and 'server audit'.

Dimension	Reasoning	Score
Specificity	The description names a domain ('VPS security') and two abstract actions ('auditing' and 'hardening'), but does not list any concrete specific actions like checking firewall rules, configuring SSH, disabling root login, etc.	1 / 3
Completeness	The description weakly addresses 'what' (auditing and hardening) but completely lacks any 'when' clause or explicit trigger guidance, which per the rubric caps completeness at 2 at best—and since the 'what' is also vague, it scores a 1.	1 / 3
Trigger Term Quality	'VPS', 'security', 'auditing', and 'hardening' are relevant keywords a user might use, but it misses common variations like 'server security', 'firewall', 'SSH', 'Linux server', 'vulnerability scan', or 'server lockdown'.	2 / 3
Distinctiveness Conflict Risk	'VPS security' is somewhat specific and narrows the domain, but 'auditing and hardening' could overlap with general security skills, Linux administration skills, or compliance-related skills.	2 / 3
	Total	6 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: alsk1992/CloddsBot
Commit: e71a5f6

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.