Pci Dss Validator - Auto-activating skill for Security Advanced. Triggers on: pci dss validator, pci dss validator Part of the Security Advanced skill category.
41
11%
Does it follow best practices?
Impact
100%
1.04x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/pci-dss-validator/SKILL.md
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is severely underdeveloped, functioning more as a metadata stub than a useful skill description. It fails to explain what PCI DSS validation entails, what actions the skill performs, or when Claude should select it. The repetitive trigger terms and category reference provide minimal value for skill selection.
Suggestions
- Add specific capabilities: describe what the validator checks (e.g., 'Validates configurations against PCI DSS requirements, checks encryption standards, reviews access controls, audits logging compliance').
- Add explicit trigger guidance: 'Use when the user mentions PCI compliance, payment card security, cardholder data protection, PCI audits, or needs to validate systems against PCI DSS requirements.'
- Include natural keyword variations users would say: 'PCI compliance', 'payment security', 'credit card data protection', 'PCI audit', 'cardholder data environment'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions whatsoever. 'Auto-activating skill for Security Advanced' is abstract meta-language that doesn't describe what the skill actually does. | 1 / 3 |
| Completeness | Completely missing the 'what does this do' component - no explanation of validation capabilities, checks performed, or outputs. The 'when' is only implied through trigger terms, with no explicit 'Use when...' clause. | 1 / 3 |
| Trigger Term Quality | Contains 'pci dss validator' which is a relevant technical term users might search for, but lacks natural variations like 'PCI compliance', 'payment card security', 'cardholder data', or 'PCI audit'. | 2 / 3 |
| Distinctiveness Conflict Risk | The 'pci dss' term provides some specificity to payment card security domain, but 'Security Advanced' category reference is vague and could overlap with other security-related skills. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is essentially a placeholder template with no actual PCI DSS validation guidance. It lacks any concrete instructions, code examples, compliance checklists, or validation workflows that would make it useful for security compliance tasks. The content explains what the skill claims to do rather than providing actionable guidance.
Suggestions
- Add specific PCI DSS requirements checklist with validation commands or scripts (e.g., checking encryption standards, access controls, network segmentation).
- Include concrete code examples for common validation tasks such as scanning for cardholder data, checking TLS configurations, or auditing access logs.
- Define a clear workflow with validation checkpoints: assess scope → identify requirements → run validation checks → document findings → remediate → re-validate.
- Reference external PCI DSS documentation or link to detailed requirement-specific guides (e.g., REQUIREMENT_3.md for stored cardholder data protection).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific about PCI DSS validation. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude already understands. | 1 / 3 |
| Actionability | No concrete guidance, code, commands, or specific steps for PCI DSS validation are provided. The content only describes what the skill supposedly does without any executable instructions. | 1 / 3 |
| Workflow Clarity | No workflow is defined. There are no steps, validation checkpoints, or processes for actually performing PCI DSS validation tasks. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of vague descriptions with no references to detailed materials, no structured sections with actual content, and no navigation to supporting documentation. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
994edc4