shield

Security scanner for code, addresses, and transactions

Quality

35%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./src/skills/bundled/shield/SKILL.md

Quality

Content

37%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is extremely terse — essentially just a command menu with no substance behind it. While conciseness is good, the skill fails to provide any actionable guidance on how the scanner works, what patterns it detects, what output looks like, or how to interpret results. A security-focused tool especially needs clear workflows with validation steps and examples of dangerous vs. safe patterns.

Suggestions

Add concrete examples for each command showing sample input and expected output (e.g., a code snippet with a malicious pattern and the scanner's response).

Define what malicious patterns the scanner detects (e.g., reentrancy, approval exploits, honeypot patterns) with specific code examples.

Add a workflow for transaction validation that includes validation checkpoints and guidance on how to handle flagged transactions (approve, reject, investigate further).

Include references to supporting files for known scam address databases, detection pattern details, and chain-specific behavior.

Dimension	Reasoning	Score
Conciseness	Very lean — just a title, one-line description, and a command reference table. No unnecessary explanations or padding. Every token earns its place.	3 / 3
Actionability	The skill only lists command signatures with brief descriptions but provides zero concrete guidance on what the commands actually do, how they work, what output to expect, what patterns are detected, or how to handle results. There are no examples, no code, and no executable instructions.	1 / 3
Workflow Clarity	There is no workflow, no sequencing of steps, and no validation or feedback loops. For a security scanner that could involve destructive or high-stakes decisions (e.g., transaction validation), there are no checkpoints or error-handling guidance.	1 / 3
Progressive Disclosure	The content is short and organized with a clear command table, but there are no references to any supporting files for details on scan patterns, known scam databases, chain-specific behavior, or advanced usage. The brevity here feels like missing content rather than intentional progressive disclosure.	2 / 3
	Total	7 / 12 Passed

Description

32%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is too terse and ambiguous to effectively guide skill selection. It lacks concrete actions, explicit trigger conditions, and domain specificity—'addresses' and 'transactions' could apply to many contexts (blockchain, email, financial, etc.). Without a 'Use when...' clause, Claude would struggle to reliably select this skill over others.

Suggestions

Add a 'Use when...' clause specifying trigger scenarios, e.g., 'Use when the user asks to audit code for vulnerabilities, check wallet addresses for risks, or analyze blockchain transactions for suspicious activity.'

Clarify the domain—specify whether this covers blockchain/crypto security, web application security, or general code security to reduce ambiguity of terms like 'addresses' and 'transactions'.

List specific concrete actions such as 'detect vulnerabilities in smart contracts, flag malicious wallet addresses, identify suspicious transaction patterns' instead of the generic 'security scanner'.

Dimension	Reasoning	Score
Specificity	Names the domain ('security scanner') and lists some targets ('code, addresses, and transactions'), but doesn't describe concrete actions like 'detect vulnerabilities', 'flag suspicious transactions', or 'validate addresses'.	2 / 3
Completeness	Provides a partial 'what' (security scanning for code, addresses, transactions) but completely lacks a 'when' clause or any explicit trigger guidance. Per rubric guidelines, a missing 'Use when...' clause caps completeness at 2, and the 'what' itself is also weak, warranting a 1.	1 / 3
Trigger Term Quality	Includes some relevant keywords like 'security', 'code', 'addresses', and 'transactions', but misses common user-facing terms like 'vulnerability', 'audit', 'scan', 'exploit', 'smart contract', 'wallet address', or file types. The terms are somewhat ambiguous—'addresses' and 'transactions' could refer to many domains.	2 / 3
Distinctiveness Conflict Risk	The combination of 'security scanner' with 'code, addresses, and transactions' provides some specificity, but 'code' is extremely broad and could overlap with general code review or linting skills. 'Addresses' and 'transactions' are ambiguous without domain context (blockchain? email? database?).	2 / 3
	Total	7 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: alsk1992/CloddsBot
Commit: e71a5f6

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.