Env Secret Detector - Auto-activating skill for Security Fundamentals. Triggers on: env secret detector, env secret detector. Part of the Security Fundamentals skill category.
38
Quality: 7% (Does it follow best practices?)
Impact: 96% (0.96x). Average score across 3 eval scenarios.
Passed: No known issues
Optimize this skill with Tessl:
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/env-secret-detector/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that provides almost no useful information for skill selection. It lacks any explanation of what the skill does, what actions it performs, or when it should be triggered. The repeated trigger term and boilerplate category mention add no value for Claude's skill selection process.
Suggestions
- Add specific actions the skill performs, e.g., 'Scans code and configuration files for exposed secrets, API keys, passwords, and credentials in environment variables and .env files.'
- Include a 'Use when...' clause with natural trigger terms: 'Use when reviewing code for security issues, checking for leaked credentials, scanning .env files, or when users mention API keys, secrets, or sensitive data exposure.'
- Remove the redundant duplicate trigger term and replace with varied natural language terms users would actually say when needing this skill.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Env Secret Detector') without describing any concrete actions. There are no verbs explaining what the skill actually does - no mention of scanning, detecting, alerting, or any specific capabilities. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' (no actions described) and 'when should Claude use it' (no explicit use cases or triggers beyond the redundant skill name). The 'Auto-activating' mention doesn't explain the activation conditions. | 1 / 3 |
| Trigger Term Quality | The trigger terms listed are just the skill name repeated ('env secret detector, env secret detector'). Missing natural user terms like 'secrets', 'API keys', 'credentials', 'environment variables', '.env files', 'leaked secrets', or 'sensitive data'. | 1 / 3 |
| Distinctiveness Conflict Risk | The name 'Env Secret Detector' suggests a specific niche (detecting secrets in environment files), which provides some distinctiveness. However, without concrete capability descriptions, it could overlap with general security scanning or code review skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
7%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a placeholder template with no actual content about env secret detection. It contains only generic boilerplate describing what a skill should do without providing any concrete guidance, code examples, regex patterns, or detection strategies. The skill fails to teach Claude anything actionable about detecting secrets in environment files.
Suggestions
- Add concrete regex patterns or code examples for detecting common secret patterns (API keys, passwords, tokens) in .env files
- Provide a clear workflow: 1) scan file, 2) identify patterns, 3) classify severity, 4) report findings with specific output format
- Include specific examples of secrets to detect (AWS keys, database URLs, JWT tokens) with sample input/output
- Remove all generic boilerplate ('provides automated assistance', 'follows industry best practices') and replace with actual detection logic
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific about env secret detection. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that waste tokens without adding value. | 1 / 3 |
| Actionability | No concrete code, commands, or specific guidance is provided. The skill describes what it does abstractly ('provides step-by-step guidance') but never actually provides any guidance, patterns, or executable examples for detecting secrets in environment files. | 1 / 3 |
| Workflow Clarity | No workflow is defined. There are no steps, no validation checkpoints, and no process for actually detecting secrets in environment files. The content only describes triggers and capabilities without any actionable sequence. | 1 / 3 |
| Progressive Disclosure | The content is organized into clear sections with headers, but there are no references to detailed materials, no links to examples or advanced documentation, and the structure serves only to organize empty boilerplate rather than meaningful content. | 2 / 3 |
| Total | 5 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
994edc4