password-hash-generator
Password Hash Generator - Auto-activating skill for Security Fundamentals. Triggers on: password hash generator, password hash generator Part of the Security Fundamentals skill category.
36
3%
Does it follow best practices?
Impact
96%
1.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/password-hash-generator/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely thin and template-like, essentially just restating the skill name without describing what it actually does or when it should be used. It lacks concrete actions, meaningful trigger terms, and explicit usage guidance, making it nearly useless for skill selection among multiple options.
Suggestions
Add concrete actions describing what the skill does, e.g., 'Generates secure password hashes using algorithms like bcrypt, argon2, SHA-256, and PBKDF2. Supports configuring salt rounds and work factors.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks to hash a password, generate a password hash, compare password hashes, or mentions bcrypt, argon2, SHA-256, or secure password storage.'
Remove the duplicate trigger term ('password hash generator' is listed twice) and expand with natural variations users would actually say, such as 'hash my password', 'password encryption', 'secure hashing', or specific algorithm names.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Password Hash Generator') but does not describe any concrete actions like which hashing algorithms are supported, what inputs/outputs are expected, or what specific operations it performs. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' (no concrete actions described) and 'when should Claude use it' (no explicit 'Use when...' clause or equivalent guidance). It only states the skill name and category. | 1 / 3 |
Trigger Term Quality | The trigger terms are just 'password hash generator' repeated twice. It misses natural variations users would say like 'hash a password', 'bcrypt', 'SHA-256', 'encrypt password', 'secure password storage', or 'hashing'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'password hash generator' is somewhat specific to a niche (password hashing), which reduces conflict with unrelated skills. However, the lack of detail about specific capabilities could cause overlap with broader security or cryptography skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no substantive content. It contains only generic boilerplate descriptions of what a password hash generator skill would do, without any actual instructions, code examples, algorithm recommendations, or security guidance. It fails on every dimension because it provides zero value beyond what the skill's title already communicates.
Suggestions
Add concrete, executable code examples for password hashing using recommended libraries (e.g., bcrypt in Python: `import bcrypt; hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt())`)
Include a clear workflow: 1) Choose algorithm (argon2id preferred, bcrypt acceptable), 2) Set appropriate cost parameters, 3) Generate hash, 4) Verify hash works with a test comparison
Add specific security constraints: minimum cost factors, deprecated algorithms to avoid (MD5, SHA1, plain SHA256), and salt handling requirements
Remove all generic boilerplate sections ('When to Use', 'Example Triggers', 'Capabilities') and replace with actionable technical content that Claude doesn't already know
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and boilerplate. It explains nothing Claude doesn't already know, contains no actual technical content about password hashing, and wastes tokens on generic meta-descriptions like 'Provides step-by-step guidance' without providing any. | 1 / 3 |
Actionability | There is zero actionable content—no code, no commands, no specific algorithms (bcrypt, argon2, scrypt), no library references, no concrete examples of generating or verifying password hashes. It only describes what the skill would do without actually doing it. | 1 / 3 |
Workflow Clarity | No workflow is defined at all. There are no steps, no sequence, no validation checkpoints. For a security-sensitive operation like password hashing, the complete absence of a workflow with verification steps is a critical gap. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of generic placeholder text with no structure pointing to detailed references, no linked files, and no meaningful organization of content. There are no bundle files to support it either. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
13d35b8
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.