repomix-safe-mixer

Safely package codebases with repomix by automatically detecting and removing hardcoded credentials before packing. Use when packaging code for distribution, creating reference packages, or when the user mentions security concerns about sharing code with repomix.

1.81x

Quality

83%

Does it follow best practices?

Impact

96%

1.81x

Average score across 3 eval scenarios

Securityby

Risky

Do not use without reviewing

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, highly actionable skill with clear workflows and validation checkpoints. Its main weakness is verbosity—several sections repeat information or include content that would be better placed in reference files. The security-focused workflow with explicit blocking on secret detection is well-designed.

Suggestions

Move 'Detected Secret Types', 'Common False Positives', and 'Post-Exposure Actions' to reference files to reduce the main SKILL.md length and improve progressive disclosure.

Remove the 'Integration with Repomix' section as it duplicates the Options section almost entirely.

Dimension	Reasoning	Score
Conciseness	The skill is reasonably well-structured but includes some redundancy—the 'Integration with Repomix' section largely repeats the Options section, and the example workflows partially duplicate earlier content. The 'Post-Exposure Actions' and 'Common False Positives' sections, while useful, add bulk that could be trimmed or moved to a reference file.	2 / 3
Actionability	The skill provides concrete, copy-paste-ready commands throughout, with specific CLI invocations, clear before/after code examples for credential replacement, and explicit output examples showing what to expect. Every step is executable.	3 / 3
Workflow Clarity	The core workflow is clearly sequenced (scan → report → block/pack) with explicit validation checkpoints. The 'Handling Detected Secrets' section has a clear 5-step process with a verify-cleanup step before proceeding. The tool itself enforces a feedback loop by blocking packaging when secrets are found.	3 / 3
Progressive Disclosure	The skill references `references/common_secrets.md` and script files appropriately, but the main document is quite long (~200+ lines) with sections like 'Post-Exposure Actions', 'Common False Positives', and 'Detected Secret Types' that could be moved to reference files. The Resources section provides clear navigation but the body contains too much inline detail.	2 / 3
	Total	10 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid skill description that clearly identifies its niche (repomix + credential safety), includes an explicit 'Use when' clause with multiple trigger scenarios, and is distinctive enough to avoid conflicts. The main weakness is that the specificity of capabilities could be stronger by listing more concrete actions beyond detecting credentials and packing.

Suggestions

Add more specific concrete actions to improve specificity, e.g., 'scans for API keys, tokens, and passwords; generates .repomixignore files; produces sanitized output bundles'

Dimension	Reasoning	Score
Specificity	The description names the domain (packaging codebases with repomix) and mentions two actions (detecting and removing hardcoded credentials, packing), but doesn't list multiple specific concrete actions beyond that. It's more focused on a single workflow than enumerating distinct capabilities.	2 / 3
Completeness	Clearly answers both 'what' (safely package codebases with repomix by detecting and removing hardcoded credentials) and 'when' (explicit 'Use when' clause covering packaging for distribution, creating reference packages, or security concerns about sharing code).	3 / 3
Trigger Term Quality	Includes natural keywords users would say: 'repomix', 'packaging code', 'distribution', 'reference packages', 'security concerns', 'sharing code', 'hardcoded credentials'. Good coverage of terms a user might naturally use when needing this skill.	3 / 3
Distinctiveness Conflict Risk	Very specific niche combining repomix packaging with credential detection. The mention of 'repomix' specifically and the security/credential angle make it highly distinctive and unlikely to conflict with generic code packaging or security scanning skills.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: daymade/claude-code-skills
Commit: 0f104ea

Reviewed: 6 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.