env-secret-detector
Env Secret Detector - Auto-activating skill for Security Fundamentals. Triggers on: env secret detector, env secret detector Part of the Security Fundamentals skill category.
Overall
score
23%
Does it follow best practices?
Validation for skill structure
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill env-secret-detectorActivation
7%This description is severely underdeveloped, essentially just restating the skill name without explaining capabilities or use cases. It lacks concrete actions, natural trigger terms, and explicit guidance on when Claude should select this skill. The description would be nearly useless for skill selection among multiple security-related options.
Suggestions
Add specific actions the skill performs, e.g., 'Scans code and configuration files to detect exposed API keys, passwords, tokens, and other secrets in .env files and environment variables.'
Include a 'Use when...' clause with natural trigger terms like 'Use when reviewing code for leaked credentials, checking .env files, auditing secrets, or when users mention API keys, passwords, or sensitive data exposure.'
Remove the redundant 'Triggers on' line that just repeats the skill name, and replace with actual user-facing keywords like 'secrets', 'credentials', 'API keys', 'environment variables', '.env'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses vague language like 'Auto-activating skill for Security Fundamentals' without describing any concrete actions. It does not explain what the skill actually does (e.g., scans files, detects API keys, flags exposed credentials). | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name, and provides no explicit 'when to use' guidance. The 'Triggers on' field just repeats the skill name rather than describing actual use cases. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'env secret detector' repeated twice, which is technical jargon unlikely to match natural user language. Missing common terms users would say like 'secrets', 'API keys', 'credentials', 'leaked passwords', '.env file'. | 1 / 3 |
Distinctiveness Conflict Risk | The name 'Env Secret Detector' suggests a specific niche (detecting secrets in environment files), but the lack of detail about what it actually detects or when to use it could cause confusion with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
7%This skill is essentially a placeholder with no actionable content. It describes what an env secret detector skill should do but provides zero implementation details, patterns to detect, code examples, or concrete guidance. A security skill should include specific regex patterns for common secrets, scanning commands, and validation steps.
Suggestions
Add concrete regex patterns or detection rules for common secrets (API keys, passwords, tokens) in .env files
Include executable code examples showing how to scan files and identify potential secrets
Define a clear workflow: scan -> identify -> classify severity -> report/remediate with validation checkpoints
Remove generic boilerplate sections ('Capabilities', 'Example Triggers') and replace with actual implementation guidance
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing specific. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude doesn't need and add no actionable value. | 1 / 3 |
Actionability | There is zero concrete guidance - no code, no commands, no specific steps for detecting secrets in environment files. The content describes what the skill supposedly does but never shows how to actually do it. | 1 / 3 |
Workflow Clarity | No workflow is defined. For a security task like detecting secrets in env files, there should be clear steps (scan, identify patterns, validate findings, remediate), but none are provided. | 1 / 3 |
Progressive Disclosure | The content is organized into sections with headers, but there's nothing of substance to disclose. No references to detailed documentation or examples that would provide actual implementation guidance. | 2 / 3 |
Total | 5 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.