container-security-auditor
Container Security Auditor - Auto-activating skill for Security Advanced. Triggers on: container security auditor, container security auditor Part of the Security Advanced skill category.
36
3%
Does it follow best practices?
Impact
99%
1.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/container-security-auditor/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely weak across all dimensions. It reads as auto-generated boilerplate with no concrete actions, no natural trigger terms beyond the skill name repeated, and no explicit guidance on when Claude should select it. It would be nearly useless for skill selection among a large set of available skills.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Scans Dockerfiles for misconfigurations, audits container images for known vulnerabilities, reviews Kubernetes pod security policies, checks for privilege escalation risks in container runtimes.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about Docker security, container hardening, image vulnerability scanning, Kubernetes security policies, or mentions Dockerfile, docker-compose, or container runtime configurations.'
Remove the redundant duplicate trigger term ('container security auditor' listed twice) and replace with diverse natural language variations users would actually use.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. It only states it is a 'Container Security Auditor' and an 'auto-activating skill' but never describes what it actually does (e.g., scan Dockerfiles, check image vulnerabilities, audit container configurations). | 1 / 3 |
Completeness | Neither 'what does this do' nor 'when should Claude use it' is meaningfully answered. There is no description of capabilities and no explicit 'Use when...' clause with trigger guidance. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'container security auditor' repeated twice. It misses natural keywords users would say like 'Docker', 'Dockerfile', 'container vulnerability', 'image scan', 'Kubernetes security', 'container hardening', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'container security' does narrow the domain somewhat compared to generic security skills, but without specific actions or file types, it could easily overlap with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a placeholder with no substantive content. It contains only meta-descriptions of what the skill would do without providing any actual container security auditing guidance—no Dockerfile scanning techniques, no image vulnerability assessment steps, no runtime security configurations, no tools, no commands, and no examples. It fails on every dimension of the rubric.
Suggestions
Add concrete, executable guidance such as specific commands for scanning container images (e.g., trivy, grype, docker scout), Dockerfile security linting (e.g., hadolint), and runtime security checks.
Define a clear multi-step audit workflow with validation checkpoints, e.g.: 1. Scan base image for CVEs, 2. Lint Dockerfile against CIS benchmarks, 3. Check runtime configurations (no privileged containers, read-only rootfs), 4. Validate network policies.
Include specific code/configuration examples such as a secure Dockerfile template, a Kubernetes PodSecurityPolicy/PodSecurityStandard example, or a container audit checklist.
Remove all meta-description sections ('Purpose', 'When to Use', 'Example Triggers') that describe the skill rather than teaching container security auditing techniques.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual security auditing guidance. Every section restates the same vague concept. | 1 / 3 |
Actionability | There are zero concrete instructions, commands, code examples, checklists, or specific techniques for container security auditing. The content describes rather than instructs, with no executable guidance whatsoever. | 1 / 3 |
Workflow Clarity | No workflow is defined. There are no steps, no sequences, no validation checkpoints. The phrase 'step-by-step guidance' is promised but never delivered. | 1 / 3 |
Progressive Disclosure | The content is a flat, monolithic block of meta-descriptions with no references to detailed materials, no links to related files, and no structured navigation to deeper content. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3076d78
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.