hipaa-audit-helper
Hipaa Audit Helper - Auto-activating skill for Security Advanced. Triggers on: hipaa audit helper, hipaa audit helper Part of the Security Advanced skill category.
34
Quality
3%
Does it follow best practices?
Impact
89%
0.91xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/hipaa-audit-helper/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is severely lacking in all key areas. It provides no information about what the skill actually does, contains no natural trigger terms beyond the skill name, and offers no guidance on when Claude should select it. The description reads as auto-generated boilerplate rather than a useful skill description.
Suggestions
Add specific concrete actions the skill performs (e.g., 'Reviews systems for HIPAA compliance, identifies PHI handling gaps, generates audit checklists, assesses security controls').
Include a 'Use when...' clause with natural trigger terms like 'HIPAA compliance', 'PHI audit', 'healthcare security review', 'protected health information', 'compliance assessment'.
Remove the redundant trigger term and replace with varied, user-natural phrases that would indicate need for HIPAA audit assistance.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. It only states it's an 'Auto-activating skill for Security Advanced' without describing what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no explicit 'Use when...' clause or equivalent guidance. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'hipaa audit helper' repeated twice, which is the skill name itself rather than natural keywords users would say when needing HIPAA audit assistance (e.g., 'compliance check', 'PHI', 'security assessment'). | 1 / 3 |
Distinctiveness Conflict Risk | While 'HIPAA audit' is a specific domain that provides some distinctiveness, the lack of concrete actions or scope means it could potentially overlap with other security or compliance-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty template that provides no actual HIPAA audit guidance. It contains only generic boilerplate text describing what a skill should do rather than providing any actionable content. A HIPAA audit helper should include specific controls to verify, compliance checklists, evidence collection procedures, and remediation guidance.
Suggestions
Add a concrete HIPAA audit checklist covering the Security Rule's technical safeguards (access controls, audit controls, integrity controls, transmission security)
Include specific commands or scripts for checking common HIPAA compliance items (e.g., encryption verification, access log review, backup validation)
Provide a workflow with validation steps: 1) Scope definition, 2) Evidence collection, 3) Control testing, 4) Gap identification, 5) Remediation tracking
Add references to HIPAA regulatory requirements (45 CFR Part 164) and link to detailed control-specific guidance files
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual HIPAA audit information. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler that waste tokens without teaching Claude anything. | 1 / 3 |
Actionability | There is zero concrete guidance - no HIPAA controls to check, no audit procedures, no code, no commands, no checklists. The skill describes what it claims to do rather than providing any executable instructions. | 1 / 3 |
Workflow Clarity | No workflow is defined whatsoever. A HIPAA audit helper should have clear steps for reviewing technical safeguards, administrative controls, documentation requirements, etc. None of this is present. | 1 / 3 |
Progressive Disclosure | The content is a shallow placeholder with no actual substance to organize. There are no references to detailed materials, no links to HIPAA control frameworks, and no structured navigation to deeper content. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
994edc4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.