Path Traversal Finder - Auto-activating skill for Security Fundamentals. Triggers on: path traversal finder, path traversal finder. Part of the Security Fundamentals skill category.
Overall score: 23%
Does it follow best practices?
Validation for skill structure
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill path-traversal-finder
Activation
7%
This description is severely lacking in all key areas. It reads like auto-generated boilerplate that only names the skill and its category without explaining what it does, how it works, or when to use it. The duplicate trigger term suggests a template error rather than intentional design.
Suggestions
Add concrete actions describing what the skill does, e.g., 'Detects path traversal vulnerabilities in code by scanning for ../, directory escape sequences, and unsanitized file path inputs.'
Include a 'Use when...' clause with natural trigger terms like 'Use when reviewing code for security vulnerabilities, checking for directory traversal, LFI attacks, or file path manipulation issues.'
Add common user terms and variations: 'directory traversal', '../', 'dot-dot-slash', 'LFI', 'local file inclusion', 'file path security'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Path Traversal Finder') without describing any concrete actions. There are no verbs indicating what the skill actually does - no mention of scanning, detecting, analyzing, or any specific capabilities. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. It only states it's part of 'Security Fundamentals' without explaining functionality or providing explicit usage triggers. | 1 / 3 |
| Trigger Term Quality | The trigger terms listed are just the skill name repeated twice ('path traversal finder, path traversal finder'). Missing natural user terms like 'directory traversal', '../', 'LFI', 'file inclusion', 'security scan', or 'vulnerability'. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'path traversal' is somewhat specific to a security domain, which provides some distinctiveness. However, without concrete actions described, it could still conflict with other security-related skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
7%
This skill is essentially a placeholder with no actual content. It describes what a path traversal finder skill should do without providing any concrete guidance, code examples, detection patterns, or security techniques. The content would be completely useless for actually finding path traversal vulnerabilities.
Suggestions
Add concrete code examples showing how to detect path traversal patterns (e.g., regex patterns for '../', URL encoding variants, common bypass techniques)
Include a clear workflow: 1) Identify user-controlled file paths, 2) Test with specific payloads, 3) Validate findings, 4) Recommend fixes
Provide specific examples of vulnerable code patterns and their secure alternatives
Remove all generic boilerplate text ('provides automated assistance', 'follows best practices') and replace with actual technical content
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actual information about path traversal detection. | 1 / 3 |
| Actionability | Contains zero concrete guidance - no code examples, no specific commands, no actual techniques for finding path traversal vulnerabilities. The entire content describes what the skill supposedly does without providing any executable instructions. | 1 / 3 |
| Workflow Clarity | No workflow is defined at all. Claims to provide 'step-by-step guidance' but includes no actual steps. A security scanning skill should have clear processes for detection, validation, and remediation. | 1 / 3 |
| Progressive Disclosure | The content is organized into sections with headers, but there's nothing of substance to disclose. No references to detailed documentation, examples, or related resources beyond mentioning a category name. | 2 / 3 |
| Total | 5 / 12 Passed | |
Validation
69%
Validation: 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 11 / 16 Passed | |