harden

VPS security auditing and hardening

Install with Tessl CLI

npx tessl i github:alsk1992/CloddsBot --skill harden

What are skills?

Overall
score

61%

Review — 48%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Validation — 10 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Discovery

22%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is too brief and vague to effectively guide skill selection. It lacks concrete actions, explicit trigger conditions, and sufficient detail to distinguish it from other security-related skills. The description needs substantial expansion to be useful in a multi-skill environment.

Suggestions

Add specific concrete actions like 'Configure firewalls, audit SSH settings, check open ports, review user permissions, analyze security logs'

Include a 'Use when...' clause with trigger terms like 'secure my VPS', 'server hardening', 'Linux security', 'check for vulnerabilities', 'firewall configuration'

Add natural keyword variations users might say: 'server security', 'secure my droplet/instance', 'harden Linux', 'security audit'

Dimension	Reasoning	Score
Specificity	The description uses vague language with no concrete actions listed. 'Security auditing and hardening' are abstract concepts without specific tasks like 'configure firewalls', 'review SSH settings', or 'check open ports'.	1 / 3
Completeness	Only weakly addresses 'what' (security auditing and hardening) with no 'when' clause. Missing explicit trigger guidance like 'Use when securing a VPS or reviewing server security configurations'.	1 / 3
Trigger Term Quality	Contains some relevant keywords ('VPS', 'security', 'auditing', 'hardening') that users might say, but misses common variations like 'server security', 'Linux hardening', 'firewall', 'SSH', 'vulnerability scan', or 'secure my server'.	2 / 3
Distinctiveness Conflict Risk	The 'VPS' qualifier provides some specificity, but 'security auditing and hardening' could overlap with general security skills, cloud security, or Linux administration skills.	2 / 3
	Total	6 / 12 Passed

Implementation

73%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is well-organized and concise, effectively documenting a command interface for server hardening. However, it lacks the underlying implementation details (actual SSH commands, scripts) that would make it fully actionable, and security-critical operations would benefit from explicit validation checkpoints to prevent lockouts.

Suggestions

Add executable code snippets showing the actual SSH commands or scripts that implement each hardening action (e.g., the specific commands to configure UFW or disable root login)

Include explicit validation steps in the workflow, especially for `/harden fix` - e.g., 'Verify SSH access still works before proceeding to next change'

Add a rollback or recovery section explaining what to do if a change locks the user out of the server

Dimension	Reasoning	Score
Conciseness	The content is lean and efficient, using tables and bullet points to convey information without unnecessary explanation. No concepts are over-explained; it assumes Claude understands SSH, firewalls, and server administration.	3 / 3
Actionability	Commands are clearly specified with options and examples, but there's no actual executable code showing how these commands are implemented. The skill describes what the commands do but doesn't show the underlying scripts or SSH commands that would be executed.	2 / 3
Workflow Clarity	The commands imply a workflow (audit → fix → report), but there's no explicit validation or feedback loop. For security operations that could lock users out, missing explicit checkpoints (verify SSH access still works after changes) is a gap.	2 / 3
Progressive Disclosure	For a skill of this size (~70 lines), the structure is appropriate with clear sections for commands, options, examples, and security checks. No unnecessary external references or deeply nested content.	3 / 3
	Total	10 / 12 Passed

Validation

91%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Reviewed: 7 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.