hipaa-audit-helper
Hipaa Audit Helper - Auto-activating skill for Security Advanced. Triggers on: hipaa audit helper, hipaa audit helper Part of the Security Advanced skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill hipaa-audit-helperOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely lacking in substance. It provides no information about what the skill actually does, only stating it's part of 'Security Advanced' and listing the skill name as its own trigger. Users and Claude would have no way to understand when this skill should be selected or what capabilities it offers.
Suggestions
Add specific concrete actions the skill performs, such as 'Reviews systems for HIPAA compliance, generates audit documentation, identifies PHI handling gaps, creates risk assessments'
Include a proper 'Use when...' clause with natural trigger terms like 'HIPAA compliance', 'healthcare audit', 'PHI security', 'protected health information', 'healthcare regulations'
Remove the redundant trigger phrase repetition and replace with meaningful capability descriptions that explain the skill's purpose
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. It only states it's an 'Auto-activating skill' and mentions trigger phrases, but never explains what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' entirely - there's no explanation of capabilities. The 'when' is only implied through trigger phrases that are just the skill name repeated. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'hipaa audit helper' repeated twice. These are not natural keywords users would say - users would more likely say 'HIPAA compliance', 'audit preparation', 'healthcare security', or 'PHI protection'. | 1 / 3 |
Distinctiveness Conflict Risk | The HIPAA domain is somewhat specific and wouldn't conflict with most other skills, but the lack of detail about what it actually does (audit preparation? compliance checking? documentation?) makes it unclear how it differs from other potential security or compliance skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill is essentially a placeholder with no substantive content. It describes what a HIPAA audit helper should do but provides absolutely no actual guidance, procedures, checklists, or technical details that would enable Claude to assist with HIPAA compliance audits. The content is entirely generic boilerplate that could apply to any skill topic.
Suggestions
Add concrete HIPAA audit checklists covering the three safeguard categories: Administrative, Physical, and Technical safeguards with specific controls to verify
Include actionable audit procedures with specific commands or scripts for checking system configurations, access controls, and encryption status
Provide a clear workflow with numbered steps for conducting an audit: scoping, evidence collection, control testing, gap analysis, and remediation tracking
Add example outputs showing what audit findings should look like, including severity ratings and remediation recommendations
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual HIPAA audit information. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler that waste tokens without teaching Claude anything. | 1 / 3 |
Actionability | There is zero concrete guidance - no HIPAA controls to check, no audit procedures, no code, no commands, no checklists. The skill describes what it claims to do rather than providing any executable instructions. | 1 / 3 |
Workflow Clarity | No workflow is defined whatsoever. A HIPAA audit skill should have clear steps for assessing compliance, checking specific safeguards, and documenting findings, but none are provided. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of vague marketing-style text with no structure, no references to detailed materials, and no organization that would help Claude navigate HIPAA audit requirements. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.