Penetration Test Planner - Auto-activating skill for Security Advanced. Triggers on: penetration test planner, penetration test planner. Part of the Security Advanced skill category.
35
3%
Does it follow best practices?
Impact
94%
1.00x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/penetration-test-planner/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely weak across all dimensions. It reads like auto-generated boilerplate with no substantive information about what the skill does, when to use it, or what specific capabilities it offers. The trigger terms are redundant and miss common user language variations for penetration testing tasks.
Suggestions
- Add concrete actions the skill performs, e.g., 'Creates structured penetration test plans, defines scope and methodology, identifies target systems, and outlines testing phases including reconnaissance, exploitation, and reporting.'
- Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about pentest planning, pen test scope, security assessment methodology, ethical hacking plans, or vulnerability testing strategies.'
- Include common keyword variations users would naturally say: 'pentest', 'pen test', 'security audit', 'red team', 'vulnerability assessment', 'ethical hacking', 'security testing plan'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions. It only states it is a 'Penetration Test Planner' and an 'Auto-activating skill for Security Advanced' without describing what it actually does (e.g., create test plans, identify vulnerabilities, generate reports). | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name itself, and the 'when' clause is limited to a redundant trigger phrase. There is no explicit 'Use when...' guidance with meaningful context. | 1 / 3 |
| Trigger Term Quality | The trigger terms listed are just 'penetration test planner' repeated twice. There are no natural variations a user might say such as 'pentest', 'pen test', 'security assessment', 'vulnerability assessment', 'ethical hacking', or 'security testing'. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'penetration test planner' is somewhat specific to a niche domain, which reduces conflict risk with unrelated skills. However, within a security skill category it could overlap with other security assessment or vulnerability scanning skills due to lack of specificity about what exactly it plans. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty template/placeholder that provides absolutely no actionable content about penetration test planning. It contains no methodologies (e.g., OWASP, PTES, OSSTMM), no tool guidance (e.g., Nmap, Burp Suite, Metasploit), no scoping checklists, no rules of engagement templates, and no example plans. It fails on every dimension of the rubric.
Suggestions
- Replace the boilerplate with actual penetration test planning content: include a scoping checklist, rules of engagement template, and phase breakdown (reconnaissance, scanning, exploitation, reporting).
- Add concrete, actionable examples such as an Nmap command for network discovery, a sample scope document, or a reporting template with specific sections and formats.
- Define a clear multi-step workflow for planning a pentest (e.g., 1. Define scope → 2. Get authorization → 3. Enumerate targets → 4. Select methodology → 5. Create timeline → 6. Prepare report template) with validation checkpoints at each stage.
- Reference detailed sub-documents for specific areas like compliance mapping (SOC2/GDPR), threat modeling frameworks (STRIDE, PASTA), and tool-specific guides rather than listing tags with no backing content.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is entirely filler and boilerplate. It explains nothing Claude doesn't already know and contains zero domain-specific information about penetration test planning. Every section restates the skill name without adding substance. | 1 / 3 |
| Actionability | There is no concrete guidance whatsoever—no commands, no code, no frameworks, no methodologies, no checklists, no tool references. The content only vaguely describes what the skill could do without actually instructing Claude how to do anything. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. Claims to provide 'step-by-step guidance' but includes none. There are no validation checkpoints, no sequencing, and no actionable procedure for planning a penetration test. | 1 / 3 |
| Progressive Disclosure | The content is a flat, shallow placeholder with no meaningful structure. There are no references to detailed materials, no links to methodology guides, tool references, or example plans. The sections are purely cosmetic headers over empty content. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3076d78