Safely package codebases with repomix by automatically detecting and removing hardcoded credentials before packing. Use when packaging code for distribution, creating reference packages, or when the user mentions security concerns about sharing code with repomix.
91
87%
Does it follow best practices?
Impact
96%
1.81x Average score across 3 eval scenarios
Risky
Do not use without reviewing
Quality
Discovery
89% Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid description that clearly identifies a specific tool (repomix), a concrete security-focused action (detecting and removing hardcoded credentials), and explicit trigger conditions. The main weakness is that the capability description could be slightly more detailed about what specific actions are performed beyond credential detection, but overall it serves its purpose well for skill selection.
Suggestions
Consider listing additional specific actions beyond credential removal, such as 'generates packed output files', 'scans for API keys, tokens, and passwords', or 'creates .repomix archives' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (packaging codebases with repomix) and some actions (detecting and removing hardcoded credentials, packing), but doesn't list multiple concrete actions comprehensively—e.g., what formats, what types of credentials, what output is produced. | 2 / 3 |
| Completeness | Clearly answers both 'what' (safely package codebases with repomix by detecting and removing hardcoded credentials) and 'when' (explicit 'Use when' clause covering packaging for distribution, creating reference packages, or security concerns about sharing code). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms: 'repomix', 'packaging code', 'distribution', 'reference packages', 'security concerns', 'sharing code', 'hardcoded credentials'. These cover terms users would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Very distinct niche: the combination of 'repomix' as a specific tool plus credential removal for secure code packaging is unlikely to conflict with other skills. The triggers are narrow and well-defined. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
85% Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, actionable skill with clear workflows and good progressive disclosure. Its main weakness is moderate verbosity—sections like Post-Exposure Actions, Common False Positives, and the Integration with Repomix section add content that is either redundant or covers general knowledge Claude already possesses. Trimming these would improve token efficiency without sacrificing clarity.
Suggestions
Remove or significantly condense the 'Post-Exposure Actions' section—these are general security practices Claude already knows, not skill-specific instructions.
Consolidate the 'Integration with Repomix' section into the 'Options' section since the examples largely duplicate what's already shown above.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is reasonably well-structured but includes some unnecessary verbosity. The 'Post-Exposure Actions' section and 'Common False Positives' section explain general security concepts Claude already knows. The 'Integration with Repomix' section largely repeats options already shown earlier. The overview paragraph restates the description. | 2 / 3 |
| Actionability | Provides fully executable bash commands throughout, concrete before/after code examples for credential replacement, specific CLI flags with examples, and copy-paste ready commands for every workflow step. | 3 / 3 |
| Workflow Clarity | The core workflow has a clear scan → report → block/pack sequence with explicit validation. The 'Handling Detected Secrets' section provides a numbered 5-step process with a verify-cleanup step (Step 4) before proceeding. The example workflows clearly show feedback loops (scan → fix → re-scan → pack). | 3 / 3 |
| Progressive Disclosure | Content is well-organized with a clear overview, core workflow up front, and detailed sections following logically. References to external files (references/common_secrets.md, scripts/) are one level deep and clearly signaled in a dedicated Resources section. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100% Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
4f0eae8