password-hash-generator
Password Hash Generator - Auto-activating skill for Security Fundamentals. Triggers on: password hash generator, password hash generator Part of the Security Fundamentals skill category.
36
3%
Does it follow best practices?
Impact
96%
1.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/password-hash-generator/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely thin and template-like, providing almost no useful information beyond the skill's name. It lacks concrete actions, meaningful trigger terms, and any explicit guidance on when Claude should select this skill. The repeated trigger term and boilerplate phrasing ('Auto-activating skill for Security Fundamentals') add no value.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Generates password hashes using bcrypt, SHA-256, PBKDF2, or Argon2 algorithms. Supports salting, configurable rounds, and hash verification.'
Add a 'Use when...' clause with natural trigger terms like 'hash a password', 'bcrypt hash', 'password encryption', 'secure password storage', 'generate salt', or 'verify password hash'.
Remove the duplicate trigger term and replace with diverse, natural keyword variations that users would actually type.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Password Hash Generator') but does not describe any concrete actions like which hashing algorithms are supported, what inputs/outputs are expected, or what specific operations it performs. | 1 / 3 |
Completeness | The description fails to clearly answer 'what does this do' beyond the name itself, and there is no explicit 'when should Claude use it' clause. The 'Triggers on' line is just a duplicate of the skill name, not meaningful trigger guidance. | 1 / 3 |
Trigger Term Quality | The only trigger term listed is 'password hash generator' repeated twice. It misses natural variations users would say like 'hash a password', 'bcrypt', 'SHA-256', 'encrypt password', 'password hashing', or 'generate hash'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'password hash generator' is somewhat specific to a niche (password hashing), which reduces conflict risk with unrelated skills. However, the lack of detail about what it actually does could cause confusion with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no actionable content whatsoever. It consists entirely of auto-generated boilerplate that describes what a password hash generator skill would do without actually providing any technical guidance, code examples, or security best practices. A proper skill would include specific library recommendations (e.g., bcrypt, argon2id), executable code examples, salt handling guidance, and security constraints.
Suggestions
Add concrete, executable code examples for password hashing using recommended libraries (e.g., `bcrypt.hashpw()` in Python, `argon2-cffi` for Argon2id) with proper salt generation.
Include specific security constraints and anti-patterns: minimum work factors, algorithms to avoid (MD5, SHA-1 for passwords), and why plain hashing without salting is dangerous.
Provide a clear workflow: 1) Choose algorithm (Argon2id preferred), 2) Generate hash with specific parameters, 3) Verify hash, 4) Store securely—with validation steps.
Remove all meta-description sections ('When to Use', 'Example Triggers', 'Capabilities') that describe the skill rather than teaching the task, and replace with actual technical content.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual technical content. Every section restates the same vague idea about 'password hash generator' without adding substance. | 1 / 3 |
Actionability | There is zero concrete guidance—no code examples, no specific hashing algorithms mentioned (bcrypt, argon2, scrypt), no library recommendations, no executable commands. It describes rather than instructs. | 1 / 3 |
Workflow Clarity | No steps, no workflow, no validation checkpoints. The skill claims to provide 'step-by-step guidance' but contains none. For a security-sensitive operation like password hashing, the absence of any concrete process is a significant gap. | 1 / 3 |
Progressive Disclosure | No structure beyond boilerplate headings. No references to external files, no quick-start section, no separation of basic vs advanced content. The sections are organizational theater with no real content to organize. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
c8a915c
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.