Log Analysis Security - Auto-activating skill for Security Advanced. Triggers on: log analysis security, log analysis security. Part of the Security Advanced skill category.
33
0%
Does it follow best practices?
Impact
93%
0.98x Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/log-analysis-security/SKILL.md
Quality
Discovery
0%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that restates the skill name without providing any meaningful information about capabilities, actions, or usage triggers. It fails on all dimensions: no concrete actions are listed, trigger terms are just the skill name repeated, there is no 'what' or 'when' guidance, and it would easily conflict with other security or log-related skills.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Parses server and application logs to detect security anomalies, identify unauthorized access attempts, correlate events across log sources, and flag suspicious patterns.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about analyzing security logs, reviewing audit trails, investigating suspicious log entries, detecting intrusions, or working with syslog, auth.log, access logs, or SIEM data.'
Remove the redundant repeated trigger term ('log analysis security' listed twice) and replace with diverse natural language variations users would actually say, such as 'security logs', 'log forensics', 'threat detection in logs', 'audit log review'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions. It merely states 'Log Analysis Security' without describing what it actually does—no mention of parsing logs, detecting threats, identifying anomalies, correlating events, or any other specific capability. | 1 / 3 |
| Completeness | Neither the 'what' nor the 'when' is meaningfully answered. The description says it's an 'auto-activating skill' but doesn't explain what it does or when Claude should use it beyond restating the skill name. | 1 / 3 |
| Trigger Term Quality | The trigger terms are just 'log analysis security' repeated twice. There are no natural variations a user might say, such as 'security logs', 'audit logs', 'SIEM', 'intrusion detection', 'suspicious activity', 'log parsing', or file format references. | 1 / 3 |
| Distinctiveness Conflict Risk | The description is extremely generic—'log analysis security' could overlap with any security-related skill, general log analysis skill, or monitoring skill. There are no distinct triggers or scope boundaries to differentiate it. | 1 / 3 |
| Total | 4 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a hollow placeholder that contains no actual instructional content. It repeatedly describes itself in abstract terms ('provides step-by-step guidance,' 'follows industry best practices') without ever delivering any of those things. It fails on every dimension because it is entirely meta-description with zero actionable substance about log analysis security.
Suggestions
Replace the abstract capability descriptions with actual log analysis techniques: specific commands (e.g., grep patterns, jq queries, SIEM query syntax), concrete examples of suspicious log entries, and detection workflows.
Add a concrete workflow with steps for analyzing security logs, such as: 1) Identify log sources, 2) Parse with specific tools/commands, 3) Search for IOCs using provided patterns, 4) Validate findings, 5) Generate report.
Include executable code examples for common log analysis tasks—e.g., parsing auth logs for brute force attempts, detecting lateral movement in firewall logs, or correlating events across multiple log sources.
Remove all self-referential boilerplate sections ('When to Use,' 'Example Triggers,' 'Capabilities' as currently written) and replace with substantive content that teaches actual security log analysis techniques.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual actionable content. Every section restates the same vague idea—that this skill helps with 'log analysis security'—without adding substance. | 1 / 3 |
| Actionability | There are no concrete commands, code examples, techniques, or specific guidance. The skill describes rather than instructs—it says it 'provides step-by-step guidance' and 'generates production-ready code' but includes neither. A user or Claude gains zero executable knowledge from this content. | 1 / 3 |
| Workflow Clarity | There is no workflow, no sequence of steps, no validation checkpoints, and no process described. The content is purely declarative metadata about the skill's existence rather than any operational procedure. | 1 / 3 |
| Progressive Disclosure | There is no meaningful content to organize, no references to supporting files, and no bundle files exist. The structure consists of empty boilerplate sections with no depth or navigation to additional resources. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
13d35b8