Gdpr Compliance Scanner - Auto-activating skill for Security Advanced. Triggers on: gdpr compliance scanner, gdpr compliance scanner. Part of the Security Advanced skill category.
33
0%
Does it follow best practices?
Impact
96%
1.01x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/gdpr-compliance-scanner/SKILL.md
Quality
Discovery
0%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no substantive content. It only contains the skill name, a duplicate trigger phrase, and a generic category label. It fails to describe any actual capabilities, use cases, or natural trigger terms that would help Claude select this skill appropriately.
Suggestions
Add specific actions the scanner performs, e.g., 'Scans codebases for GDPR violations, identifies PII handling issues, checks consent mechanisms, audits data retention policies'
Include a 'Use when...' clause with natural trigger terms like 'GDPR audit', 'privacy compliance check', 'personal data handling', 'EU data protection', 'right to be forgotten'
Specify the scope and context, e.g., 'Analyzes web applications, databases, and APIs for GDPR compliance issues including data subject rights, lawful basis for processing, and cross-border data transfers'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions - only the skill name repeated. It doesn't describe what the scanner actually does (e.g., scan for PII, check consent mechanisms, audit data retention policies). | 1 / 3 |
| Completeness | Neither 'what' nor 'when' is adequately addressed. There's no explanation of what the skill does or when Claude should use it beyond the auto-generated category label. | 1 / 3 |
| Trigger Term Quality | The only trigger terms are 'gdpr compliance scanner' repeated twice, which is the skill name itself. Missing natural user terms like 'GDPR audit', 'privacy compliance', 'data protection', 'personal data', 'EU regulations'. | 1 / 3 |
| Distinctiveness Conflict Risk | The vague 'Security Advanced skill category' label provides no meaningful differentiation. Could easily conflict with other security or compliance-related skills without specific GDPR-related triggers. | 1 / 3 |
| Total | 4 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty template that provides no actual guidance on GDPR compliance scanning. It contains only generic placeholder text describing what a skill should do rather than providing any actionable content about GDPR requirements, scanning techniques, or compliance validation workflows.
Suggestions
Add concrete GDPR compliance checks with executable code (e.g., scanning for PII in databases, checking data retention policies, validating consent mechanisms)
Define a clear workflow: 1) Identify data sources, 2) Scan for PII, 3) Check against GDPR articles, 4) Generate compliance report with specific violations
Include specific GDPR articles and requirements (e.g., Article 17 right to erasure, Article 30 records of processing) with corresponding validation checks
Add example outputs showing what a compliance scan report should contain (findings, severity, remediation steps)
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific about GDPR compliance scanning. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude doesn't need. | 1 / 3 |
| Actionability | No concrete code, commands, or specific guidance is provided. The skill describes what it does abstractly ('provides step-by-step guidance') but never actually provides any steps, scanning techniques, or compliance checks. | 1 / 3 |
| Workflow Clarity | No workflow is defined. For a compliance scanner, there should be clear steps for scanning, identifying violations, categorizing findings, and remediation guidance. None of this is present. | 1 / 3 |
| Progressive Disclosure | The content is a flat, generic template with no structure for actual GDPR compliance content. No references to detailed materials, checklists, or specific compliance frameworks are provided. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
e9f9c93