Security scanner for code, addresses, and transactions
Score: 47
Quality: 35% (Does it follow best practices?)
Evals: Pending. No eval scenarios have been run.
Impact: Passed. No known issues.
Optimize this skill with Tessl: `npx tessl skill review --optimize ./src/skills/bundled/shield/SKILL.md`

Quality
Discovery: 32%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is too terse and ambiguous to effectively guide skill selection. It lacks concrete actions, explicit trigger conditions, and domain specificity—'addresses' and 'transactions' could apply to many contexts (blockchain, email, financial, etc.). Without a 'Use when...' clause, Claude would struggle to reliably select this skill over others.
Suggestions
Add a 'Use when...' clause specifying trigger scenarios, e.g., 'Use when the user asks to audit code for vulnerabilities, check wallet addresses for risks, or analyze blockchain transactions for suspicious activity.'
Clarify the domain—specify whether this covers blockchain/crypto security, web application security, or general code security to reduce ambiguity of terms like 'addresses' and 'transactions'.
List specific concrete actions such as 'detect vulnerabilities in smart contracts, flag malicious wallet addresses, identify suspicious transaction patterns' instead of the generic 'security scanner'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain ('security scanner') and lists some targets ('code, addresses, and transactions'), but doesn't describe concrete actions like 'detect vulnerabilities', 'flag suspicious transactions', or 'validate addresses'. | 2 / 3 |
| Completeness | Provides a partial 'what' (security scanning for code, addresses, transactions) but completely lacks a 'when' clause or any explicit trigger guidance. Per rubric guidelines, a missing 'Use when...' clause caps completeness at 2, and the 'what' itself is also weak, warranting a 1. | 1 / 3 |
| Trigger Term Quality | Includes some relevant keywords like 'security', 'code', 'addresses', and 'transactions', but misses common user-facing terms like 'vulnerability', 'audit', 'scan', 'exploit', 'smart contract', 'wallet address', or file types. The terms are somewhat ambiguous: 'addresses' and 'transactions' could refer to many domains. | 2 / 3 |
| Distinctiveness Conflict Risk | The combination of 'security scanner' with 'code, addresses, and transactions' provides some specificity, but 'code' is extremely broad and could overlap with general code review or linting skills. 'Addresses' and 'transactions' are ambiguous without domain context (blockchain? email? database?). | 2 / 3 |
| Total | Passed | 7 / 12 |
Implementation: 37%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is extremely terse — essentially just a command menu with no substance behind it. While conciseness is good, the skill fails to provide any actionable guidance on how the scanner works, what patterns it detects, what output looks like, or how to interpret results. A security-focused tool especially needs clear workflows with validation steps and examples of dangerous vs. safe patterns.
Suggestions
Add concrete examples for each command showing sample input and expected output (e.g., a code snippet with a malicious pattern and the scanner's response).
Define what malicious patterns the scanner detects (e.g., reentrancy, approval exploits, honeypot patterns) with specific code examples.
Add a workflow for transaction validation that includes validation checkpoints and guidance on how to handle flagged transactions (approve, reject, investigate further).
Include references to supporting files for known scam address databases, detection pattern details, and chain-specific behavior.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Very lean: just a title, one-line description, and a command reference table. No unnecessary explanations or padding. Every token earns its place. | 3 / 3 |
| Actionability | The skill only lists command signatures with brief descriptions but provides zero concrete guidance on what the commands actually do, how they work, what output to expect, what patterns are detected, or how to handle results. There are no examples, no code, and no executable instructions. | 1 / 3 |
| Workflow Clarity | There is no workflow, no sequencing of steps, and no validation or feedback loops. For a security scanner that could involve destructive or high-stakes decisions (e.g., transaction validation), there are no checkpoints or error-handling guidance. | 1 / 3 |
| Progressive Disclosure | The content is short and organized with a clear command table, but there are no references to any supporting files for details on scan patterns, known scam databases, chain-specific behavior, or advanced usage. The brevity here feels like missing content rather than intentional progressive disclosure. | 2 / 3 |
| Total | Passed | 7 / 12 |
Validation: 90% (10 / 11 passed)
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 | Passed |
e71a5f6