penetration-test-planner
Penetration Test Planner - Auto-activating skill for Security Advanced. Triggers on: penetration test planner, penetration test planner Part of the Security Advanced skill category.
35
Quality
3%
Does it follow best practices?
Impact
94%
1.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/penetration-test-planner/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is severely underdeveloped, essentially serving as a placeholder rather than a functional skill description. It provides no information about what the skill actually does, lists no concrete capabilities, and relies on a single repeated trigger phrase. Claude would have no meaningful basis to select this skill appropriately.
Suggestions
Add specific capabilities describing what the skill does, e.g., 'Creates structured penetration testing plans, defines scope and methodology, identifies target systems, and generates testing checklists.'
Add a 'Use when...' clause with natural trigger terms like 'pentest', 'security assessment', 'vulnerability scan plan', 'red team planning', 'security audit'.
Remove the redundant duplicate trigger term and expand with variations users would naturally say when requesting penetration testing assistance.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Penetration Test Planner') without describing any concrete actions. There are no specific capabilities listed - no verbs describing what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' (no capabilities listed) and 'when should Claude use it' (no explicit use-case guidance beyond the redundant trigger phrase). No 'Use when...' clause present. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'penetration test planner' repeated twice. Missing natural variations users would say like 'pentest', 'security assessment', 'vulnerability testing', 'pen test plan', etc. | 1 / 3 |
Distinctiveness Conflict Risk | While 'penetration test planner' is a specific domain, the lack of detail about what distinguishes this from other security-related skills creates potential overlap. The 'Security Advanced' category mention helps somewhat but is insufficient. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is essentially an empty placeholder with no substantive guidance. It describes what a penetration test planner skill should do without providing any actual instructions, methodologies, tools, or examples. The content fails on all dimensions by being verbose yet information-free.
Suggestions
Add concrete penetration testing phases with specific tools and commands (e.g., nmap for reconnaissance, specific exploitation frameworks, reporting templates)
Include a clear workflow with validation checkpoints: scope definition → reconnaissance → vulnerability assessment → exploitation → documentation → remediation verification
Provide executable examples such as sample scope documents, command sequences for common scenarios, and report templates
Reference detailed materials for specific areas like compliance requirements (SOC2, GDPR), threat modeling frameworks (STRIDE, PASTA), and tool-specific guides
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual information. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler that waste tokens without teaching Claude anything specific about penetration test planning. | 1 / 3 |
Actionability | There is zero concrete guidance - no code, no commands, no specific steps, no examples of actual penetration test planning. The content only describes what the skill supposedly does without providing any executable or actionable instructions. | 1 / 3 |
Workflow Clarity | No workflow is defined whatsoever. For a penetration test planner skill, there should be clear phases (reconnaissance, scanning, exploitation, reporting) with validation checkpoints, but none are provided. | 1 / 3 |
Progressive Disclosure | The content is a flat, uninformative document with no structure pointing to detailed materials. It mentions 'Related Skills' and tags but provides no actual references to detailed documentation, methodologies, or examples. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
994edc4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.