Path Traversal Finder - Auto-activating skill for Security Fundamentals. Triggers on: path traversal finder, path traversal finder. Part of the Security Fundamentals skill category.
Quality: 3%. Does it follow best practices?
Impact: 98% (0.98x). Average score across 3 eval scenarios
Passed: No known issues
Optimize this skill with Tessl:
`npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/path-traversal-finder/SKILL.md`
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that provides almost no useful information for skill selection. It only states the skill name and category without explaining what actions it performs, what it detects, or when Claude should use it. The repeated trigger term is the skill's own name, which defeats the purpose of trigger-based selection.
Suggestions
Add specific actions the skill performs, e.g., 'Scans code and URLs for path traversal vulnerabilities, detects ../ sequences, identifies directory escape attempts, and flags insecure file path handling.'
Include a 'Use when...' clause with natural trigger terms: 'Use when reviewing code for security vulnerabilities, checking for directory traversal, LFI/RFI attacks, or when users mention ../, file path security, or directory escape.'
Add file types or contexts where this applies, e.g., 'Analyzes web application code, URL parameters, and file handling logic for path traversal risks.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Path Traversal Finder') without describing any concrete actions. There are no verbs indicating what the skill actually does - no mention of scanning, detecting, analyzing, or any specific capabilities. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name, and the 'when' guidance is circular (triggers on its own name). There is no explicit 'Use when...' clause or meaningful trigger guidance. | 1 / 3 |
| Trigger Term Quality | The trigger terms listed are just 'path traversal finder' repeated twice. This is the skill name itself, not natural keywords users would say. Missing terms like 'directory traversal', '../', 'LFI', 'file inclusion', 'security scan', etc. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'path traversal' is somewhat specific to a security domain, which provides some distinctiveness. However, the lack of concrete actions means it could overlap with other security scanning or vulnerability detection skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a placeholder with no substantive content. It describes what a path traversal finder skill would do without providing any actual guidance, code, payloads, detection techniques, or workflows. The entire content could be replaced with a single sentence and lose nothing of value.
Suggestions
Add concrete path traversal payloads and detection patterns (e.g., '../', '..\', URL-encoded variants, null byte injections)
Include executable code examples for testing path traversal in common contexts (file uploads, URL parameters, API endpoints)
Provide a clear workflow: 1) Identify input vectors, 2) Test with payloads, 3) Validate findings, 4) Document/remediate
Add references to OWASP path traversal resources and link to related skills for input validation and secure file handling
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actionable content. | 1 / 3 |
| Actionability | There is zero concrete guidance - no code examples, no specific commands, no actual techniques for finding path traversal vulnerabilities. The skill describes what it claims to do rather than instructing how to do it. | 1 / 3 |
| Workflow Clarity | No workflow is provided whatsoever. For a security skill about finding path traversal vulnerabilities, there should be clear steps for detection, testing payloads, validation approaches, and remediation guidance. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of vague descriptions with no references to detailed materials, no examples file, no payload lists, and no links to related security resources that would be essential for this topic. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
994edc4