penetration-test-planner
Penetration Test Planner - Auto-activating skill for Security Advanced. Triggers on: penetration test planner, penetration test planner Part of the Security Advanced skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill penetration-test-plannerOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely underdeveloped, functioning more as a label than a useful skill description. It provides no information about what the skill actually does, lists no concrete actions or capabilities, and relies on a single repeated trigger phrase. Claude would have no meaningful basis to select this skill appropriately from a library of skills.
Suggestions
Add specific capabilities describing what the skill does, e.g., 'Creates structured penetration testing plans, defines scope and methodology, identifies target systems, and generates testing checklists.'
Include a 'Use when...' clause with natural trigger terms like 'pentest', 'security assessment', 'vulnerability scan plan', 'red team exercise', 'security audit planning'.
Expand trigger term coverage to include common variations and related concepts users might mention when needing penetration testing assistance.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Penetration Test Planner') without describing any concrete actions. There are no specific capabilities listed - no verbs describing what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' (no capabilities listed) and 'when should Claude use it' (no explicit use-case guidance beyond the redundant trigger phrase). Both components are missing or very weak. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'penetration test planner' repeated twice. Missing natural variations users would say like 'pentest', 'security assessment', 'vulnerability testing', 'pen test plan', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'penetration test' is somewhat specific to security testing, which provides some distinctiveness. However, without describing specific capabilities, it could overlap with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill is an empty shell containing only meta-descriptions and boilerplate. It provides zero actionable content about penetration testing - no methodology (OWASP, PTES), no tool guidance, no scoping templates, no reporting formats, no compliance mapping. The content describes what a skill should do rather than actually doing it.
Suggestions
Add concrete penetration testing methodology content: reconnaissance steps, vulnerability scanning commands, exploitation frameworks, and reporting templates
Include specific tool examples with executable commands (nmap, burp suite, metasploit) and expected output formats
Add a clear workflow for test planning: scoping -> rules of engagement -> methodology selection -> execution phases -> reporting with validation checkpoints
Reference or link to compliance frameworks (PCI-DSS, SOC2) and how pen test findings map to compliance requirements
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with zero actionable information. | 1 / 3 |
Actionability | Contains no concrete guidance whatsoever - no code, no commands, no specific steps, no examples of actual penetration testing methodology. The 'Example Triggers' section just restates the skill name in different phrasings. | 1 / 3 |
Workflow Clarity | Claims to provide 'step-by-step guidance' but contains zero actual steps. No workflow, no sequence, no validation checkpoints - just meta-descriptions of what the skill supposedly does. | 1 / 3 |
Progressive Disclosure | No structure beyond generic headings. No references to detailed materials, no links to methodology guides, compliance frameworks, or tool documentation that would be essential for penetration testing. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.