secops-setup-gemini
Helps the user configure the Google SecOps Remote MCP Server for Gemini CLI. Use this when the user asks to "set up" or "configure" the security tools for Gemini CLI.
82
73%
Does it follow best practices?
Impact
100%
2.94xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./extensions/google-secops/skills/setup-gemini-cli/SKILL.mdQuality
Discovery
75%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description has a clear niche and explicitly addresses both what the skill does and when to use it, which is a strength. However, the specificity of actions is limited to just 'configure' without detailing what configuration entails, and the trigger terms could be expanded to cover more natural user phrasings like 'install', 'connect', or 'integrate'.
Suggestions
Add more specific concrete actions, e.g., 'Creates configuration files, sets API credentials, and registers MCP server endpoints for Google SecOps in Gemini CLI'.
Expand trigger terms to include variations like 'install', 'connect', 'integrate', 'MCP server setup', 'SecOps plugin', or 'remote server configuration'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | It names the domain (Google SecOps Remote MCP Server for Gemini CLI) and a general action (configure), but doesn't list specific concrete actions like 'create config files, set API keys, register endpoints'. The verb 'configure' is somewhat vague. | 2 / 3 |
Completeness | Clearly answers both 'what' (configure the Google SecOps Remote MCP Server for Gemini CLI) and 'when' (when the user asks to 'set up' or 'configure' the security tools for Gemini CLI) with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Includes some natural keywords like 'set up', 'configure', 'security tools', 'Gemini CLI', but misses common variations users might say such as 'install', 'connect', 'MCP server setup', 'SecOps integration', 'Google security', or 'remote MCP'. | 2 / 3 |
Distinctiveness Conflict Risk | The description targets a very specific niche — Google SecOps Remote MCP Server configuration for Gemini CLI — which is unlikely to conflict with other skills. The combination of product names creates a distinct trigger profile. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid setup/configuration skill with concrete, executable commands and a clear logical flow. Its main weaknesses are some unnecessary conversational meta-instructions that pad the content, and a lack of error recovery guidance if the configuration or verification step fails. The JSON config block and CLI commands are well-specified and actionable.
Suggestions
Remove conversational meta-instructions like 'Ask if uv is installed' and 'Ask: Have you run...' — instead, just list the prerequisite commands directly. Claude knows how to check and ask.
Add error recovery after the verification step: what does a successful response look like, and what should the user check if the command fails (e.g., auth issues, malformed JSON, wrong region URL).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Mostly efficient but includes some unnecessary conversational framing ('You are an expert...', 'Ask if...', 'Ask: "Have you run..."'). The instructional meta-commentary about what to ask the user adds tokens without adding value for Claude, who already knows how to interact conversationally. | 2 / 3 |
Actionability | Provides concrete, copy-paste ready commands (curl install, gcloud auth commands, exact JSON config block, verification command). All steps are specific and executable with clear placeholders for user-specific values. | 3 / 3 |
Workflow Clarity | Steps are clearly sequenced (prerequisites → configuration → verification), but there's no validation checkpoint between writing the config and testing. If the JSON is malformed or the config path is wrong, there's no error recovery guidance. The verification step exists but lacks guidance on what to do if it fails. | 2 / 3 |
Progressive Disclosure | For a simple, single-purpose setup skill under 50 lines, the content is well-organized into logical sections (prerequisites, configuration, verification) without needing external references. The structure is clean and easy to navigate. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- google/mcp-security
- Commit
9774ce8
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.