security-review

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

Quality

79%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./docs/v19.7/configuration/agent/skills_external/antigravity-awesome-skills-main/skills/cc-skill-security-review/SKILL.md

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong, actionable security skill with excellent executable code examples and clear verification checklists. The main weakness is its length - at 400+ lines it could benefit from splitting detailed sections into separate reference files. Some explanatory text could be trimmed since Claude understands security concepts.

Suggestions

Split detailed sections (blockchain security, rate limiting, dependency management) into separate reference files linked from a concise overview

Remove explanatory phrases like 'Security is not optional' and concept explanations - focus purely on the actionable patterns and checklists

Dimension	Reasoning	Score
Conciseness	The skill is comprehensive but includes some unnecessary explanations Claude would know (e.g., explaining what SQL injection is, basic concepts). The code examples are valuable but some sections could be tightened.	2 / 3
Actionability	Excellent executable code examples throughout - TypeScript validation schemas, SQL policies, rate limiting configs, and security tests are all copy-paste ready with real implementations.	3 / 3
Workflow Clarity	Clear verification checklists after each section with explicit checkboxes, a comprehensive pre-deployment checklist, and security testing examples that demonstrate validation workflows.	3 / 3
Progressive Disclosure	The content is well-organized with clear sections, but it's a monolithic 400+ line file. Topics like blockchain security, rate limiting, and dependency management could be split into separate reference files with links from the main skill.	2 / 3
	Total	10 / 12 Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description has strong completeness with an explicit 'Use this skill when...' clause and good trigger term coverage for security-related tasks. However, it lacks specificity about concrete actions (what exactly does the checklist cover? what patterns are provided?) and could potentially conflict with general API or authentication skills.

Suggestions

Add specific concrete actions like 'validates input sanitization, reviews authentication flows, checks for SQL injection vulnerabilities, audits secret management'

Differentiate from general API/auth skills by emphasizing the security audit/review aspect more explicitly

Dimension	Reasoning	Score
Specificity	Names the domain (security) and lists several areas (authentication, user input, secrets, API endpoints, payment features), but lacks concrete actions - 'Provides comprehensive security checklist and patterns' is vague about what specific actions are performed.	2 / 3
Completeness	Explicitly answers both what ('Provides comprehensive security checklist and patterns') and when ('Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features').	3 / 3
Trigger Term Quality	Good coverage of natural terms users would say: 'authentication', 'user input', 'secrets', 'API endpoints', 'payment', 'sensitive features' are all terms developers naturally use when discussing security concerns.	3 / 3
Distinctiveness Conflict Risk	While security-focused, terms like 'API endpoints' and 'user input' could overlap with general web development or API skills. The security niche is clear but boundaries with adjacent skills could be sharper.	2 / 3
	Total	10 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: duclm1x1/Dive-Ai
Commit: 20ba150

Reviewed: 4 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.