secops-setup-antigravity
Helps the user configure the Google SecOps Remote MCP Server for Antigravity. Use this when the user asks to "set up" or "configure" the security tools for Antigravity.
75
62%
Does it follow best practices?
Impact
100%
1.53xAverage score across 3 eval scenarios
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./extensions/google-secops/skills/setup-antigravity/SKILL.mdQuality
Discovery
75%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description has good completeness with an explicit 'Use when' clause and is highly distinctive due to its specific product focus. However, it lacks specificity in the concrete actions involved in configuration and could include more natural trigger term variations that users might use when seeking this skill.
Suggestions
Add specific concrete actions involved in configuration, e.g., 'Configures authentication credentials, sets up API endpoints, and defines alert forwarding rules for the Google SecOps Remote MCP Server.'
Expand trigger terms to include variations like 'Google SecOps', 'MCP server', 'SIEM setup', 'security operations', or 'SecOps integration' to improve matching.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain ('Google SecOps Remote MCP Server for Antigravity') and a general action ('configure'), but does not list multiple specific concrete actions like setting up authentication, defining endpoints, or configuring alert rules. | 2 / 3 |
Completeness | The description answers both 'what does this do' (helps configure the Google SecOps Remote MCP Server for Antigravity) and 'when should Claude use it' with an explicit 'Use this when...' clause containing trigger terms. | 3 / 3 |
Trigger Term Quality | Includes some natural trigger terms like 'set up', 'configure', 'security tools', and 'Antigravity', but misses common variations users might say such as 'Google SecOps', 'MCP server', 'remote server setup', 'security configuration', or 'SIEM'. | 2 / 3 |
Distinctiveness Conflict Risk | The description is highly specific to a particular product combination (Google SecOps Remote MCP Server + Antigravity), making it very unlikely to conflict with other skills. The niche is clearly defined. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides a reasonable walkthrough for configuring the Google SecOps MCP Server but has notable gaps: CUSTOMER_ID and REGION are gathered but never used in the substitution step, the template reading is mentioned twice, and the merge operation lacks validation. The actionability is weakened by the absence of the actual template content and lack of executable merge logic.
Suggestions
Fix the inconsistency where CUSTOMER_ID and REGION are gathered in prerequisites but never referenced in the template substitution step — either add them to the replacement variables or remove them from the gather step.
Add a JSON validation checkpoint after the merge step (e.g., 'Verify the merged file is valid JSON by reading it back and checking for parse errors') to prevent destructive config corruption.
Remove the duplicate 'Read Template' instruction (appears in both step 1 and step 4) and consolidate the template reading into a single step.
Include the actual template content inline or confirm the bundle files exist, so the skill is self-contained enough to be actionable without guessing at the template structure.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Mostly efficient but includes some unnecessary framing ('You are an expert in...') and slightly verbose option descriptions. The prerequisite checks section could be tighter, and some instructions are repeated (e.g., reading the template is mentioned twice in steps 1 and 4). | 2 / 3 |
Actionability | Provides concrete bash commands for gcloud auth and a clear merge workflow, but key details are missing: the actual template content is not shown, the merge logic is described abstractly rather than with executable code, and the `SERVER_URL` and `CUSTOMER_ID`/`REGION` usage in the template is unclear (CUSTOMER_ID and REGION are gathered but never referenced in the substitution step). | 2 / 3 |
Workflow Clarity | Steps are listed in a reasonable sequence with a verification step at the end, but there's no validation checkpoint after the merge (e.g., validating the resulting JSON is well-formed). The instruction to 'not overwrite other servers' is mentioned but no error recovery or feedback loop is provided for this potentially destructive file operation. Also, CUSTOMER_ID and REGION are collected but never used in the configuration steps, creating confusion. | 2 / 3 |
Progressive Disclosure | References `mcp_config.template.json` and `.env.example` as companion files, which is good structure, but no bundle files are provided to verify these exist. The skill is a reasonable length for a single file but could benefit from clearer signaling of where referenced files are located. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- google/mcp-security
- Commit
fb807e9
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.