
container-security-auditor

Container Security Auditor - Auto-activating skill for Security Advanced. Triggers on: container security auditor, container security auditor. Part of the Security Advanced skill category.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill container-security-auditor

Overall score: 19%

Does it follow best practices?

Validation for skill structure


Activation

7%

This description is severely lacking in all key areas. It reads as auto-generated boilerplate with no actual content describing what the skill does or when to use it. The description provides zero value for skill selection as it contains only the skill name and category metadata.

Suggestions

Add specific concrete actions the skill performs, such as 'Scans Docker images for vulnerabilities, audits Kubernetes pod security policies, checks container configurations against CIS benchmarks'

Include a 'Use when...' clause with natural trigger terms like 'Docker security', 'container vulnerabilities', 'Kubernetes security audit', 'image scanning', 'container hardening'

Remove the redundant trigger term repetition and replace with diverse, user-natural phrases that would indicate need for container security analysis

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description contains no concrete actions whatsoever. 'Container Security Auditor' is just a name, and 'Auto-activating skill for Security Advanced' describes metadata, not capabilities. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no explicit 'Use when...' clause or equivalent guidance. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'container security auditor' repeated twice, which is the skill name itself rather than natural user language. Missing terms like 'Docker security', 'Kubernetes vulnerabilities', 'container scan', 'image security', etc. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'container security' does provide some domain specificity that distinguishes it from general security skills, but without concrete actions or triggers, it could still overlap with other security-related skills. | 2 / 3 |
| Total | | 5 / 12 |

Passed

Implementation

0%

This skill is an empty template that provides no actual guidance for container security auditing. It contains only generic placeholder text that describes capabilities in abstract terms without any concrete tools, commands, checklists, or workflows. A security auditor skill should include specific scanning tools (Trivy, Grype), Dockerfile best practices, runtime security checks, and compliance validation steps.

Suggestions

Add concrete scanning commands and tools (e.g., `trivy image <image-name>`, `grype`, `docker scan`) with example outputs

Include a step-by-step audit workflow: 1) Image scanning, 2) Dockerfile analysis, 3) Runtime configuration review, 4) Network policy validation - with explicit pass/fail criteria

Provide specific security checks as a checklist: no root user, minimal base images, no secrets in layers, read-only filesystem, resource limits

Add references to detailed guides for specific areas like Kubernetes pod security policies, Docker Bench for Security, or CIS benchmarks

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with zero actionable information. | 1 / 3 |
| Actionability | No concrete code, commands, tools, or specific techniques are provided. The skill describes what it does in abstract terms but never shows how to actually audit container security - no Dockerfile analysis, no scanning commands, no vulnerability checks. | 1 / 3 |
| Workflow Clarity | No workflow is defined at all. For a security auditing task, there should be clear steps (e.g., image scanning, runtime analysis, network policy review) with validation checkpoints, but none exist. | 1 / 3 |
| Progressive Disclosure | The content is a flat, generic template with no structure for discovery. No references to detailed guides, tool documentation, or example configurations. The 'Related Skills' section mentions tags but provides no actual navigation. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Validation

69%

Validation: 11 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | | 11 / 16 |

Passed
