
security-review

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

69

Quality: Does it follow best practices?

Impact: No eval scenarios have been run

Security (by Snyk): Advisory. Suggest reviewing before use


Quality: Content, 77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

Summary: Highly actionable and well-structured security reference with executable code and thorough verification checklists, but it is a long monolithic document that would benefit from splitting detail into bundle reference files and trimming redundancy.

Suggestions

Move the per-topic deep dives (e.g. the Solana/blockchain section, full code examples) into reference files under references/ and link to them from a leaner overview, improving progressive disclosure.

Eliminate the redundancy between each section's "Verification Steps" and the final "Pre-Deployment Security Checklist" — keep one canonical checklist and cross-reference it.

Drop or gate the niche Solana section so the common web/security path stays lean for users who do not need blockchain guidance.

Dimension (Score): Reasoning

Conciseness (2 / 3): The body is mostly concrete code and checklists rather than conceptual padding, but it is ~490 lines with redundancy — each section's "Verification Steps" are re-stated in the final "Pre-Deployment Security Checklist" — and a niche Solana section that not every user needs.

Actionability (3 / 3): Packed with executable TypeScript, SQL, and bash (zod validation, parameterized queries, httpOnly cookie setup, RLS policies, DOMPurify, rate-limit config, npm audit) that is specific and copy-paste ready, matching the fully-executable anchor.

Workflow Clarity (3 / 3): Each topic carries explicit "Verification Steps" checkboxes, consolidated by a "Pre-Deployment Security Checklist", and a "Security Testing" section with concrete tests — explicit validation checkpoints and checklists for a complex review process.

Progressive Disclosure (2 / 3): Headings are well organized, but everything is inline in one ~490-line SKILL.md with no references/ or other bundle files; the per-topic detail could be split into one-level-deep reference files rather than carried inline.

Total: 10 / 12 (Passed)

Description: 92%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

Summary: A strong description with an explicit "Use this skill when..." trigger clause, concrete actions, and natural keywords. Its only weakness is that several triggers are broad enough to overlap with general-purpose coding skills.

Suggestions

Tighten the broad triggers (e.g. "handling user input" / "creating API endpoints") with a security qualifier so the skill only fires when a security review is actually wanted.

Sharpen the 'what' clause beyond "comprehensive security checklist and patterns" to name the concrete deliverable (e.g. "reviews code for OWASP-style vulnerabilities and supplies fix patterns").

Dimension (Score): Reasoning

Specificity (3 / 3): Lists multiple concrete actions — "adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features" — matching the multi-action anchor rather than the single-domain anchor at 2.

Completeness (3 / 3): Explicitly answers both: the when via "Use this skill when adding authentication..." and the what via "Provides comprehensive security checklist and patterns", satisfying the explicit-trigger requirement that would otherwise cap at 2.

Trigger Term Quality (3 / 3): Uses natural terms a user would actually say ("authentication", "user input", "secrets", "API endpoints", "payment"), giving good coverage rather than the partial coverage scored at 2.

Distinctiveness / Conflict Risk (2 / 3): The security niche is clear, but broad triggers like "handling user input" and "creating API endpoints" could plausibly fire for general coding tasks, so it is not yet at the unlikely-to-conflict level of 3.

Total: 11 / 12 (Passed)

Validation: 93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation for skill structure: 15 / 16 passed

Criteria (Result): Description

frontmatter_unknown_keys (Warning): Unknown frontmatter key(s) found; consider removing or moving to metadata

Total: 15 / 16 (Passed)

Repository: devrev/meerkat (Reviewed)
