performing-penetration-testing

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill performing-penetration-testing

This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.

Overall: 51%

Validation

81%
| Criteria | Description | Result |
| --- | --- | --- |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 13 / 16 | Passed |

Implementation

7%

This skill content is essentially a marketing description rather than actionable guidance. It explains what penetration testing is and when to use it, but provides zero concrete instructions on how to invoke the penetration-tester plugin, what parameters it accepts, or what output to expect. Claude cannot execute this skill without knowing the actual commands and API.

Suggestions

- Add concrete plugin invocation examples showing exact syntax: e.g., `penetration_tester.scan(target='example.com', scan_type='full')`
- Include expected output format/schema so Claude knows how to parse and present results
- Remove 'When to Use This Skill' and 'Overview' sections - this information belongs in frontmatter/description, not the body
- Add validation steps: how to verify the target is in scope, how to confirm authorization, how to handle scan failures

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Highly verbose with sections explaining obvious concepts ('How It Works', 'When to Use This Skill') that Claude already knows. The 'Overview' restates the description, and 'Best Practices' contains generic security advice that doesn't add value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. Examples describe what 'the skill will' do abstractly rather than showing actual plugin invocations, parameters, or expected output formats. | 1 / 3 |
| Workflow Clarity | Steps are vague descriptions ('Initiates a comprehensive penetration test') rather than actionable sequences. No validation checkpoints, no error handling, and no concrete workflow for how to actually invoke the penetration-tester plugin. | 1 / 3 |
| Progressive Disclosure | Content is organized into sections with headers, but everything is inline in one file. The 'Integration' section hints at external tools but provides no references. Structure exists but content that should be detailed elsewhere (like actual plugin usage) is simply missing. | 2 / 3 |
| Total | 5 / 12 | Passed |

Activation

90%

This is a well-structured skill description with strong trigger terms and explicit usage guidance. The main weakness is that the capabilities could be more specific - listing concrete testing actions (SQL injection, XSS testing, authentication bypass) rather than general categories would improve specificity. Overall, it effectively communicates when Claude should select this skill.

Suggestions

- Add specific concrete actions like 'test for SQL injection, XSS, authentication bypass, CSRF vulnerabilities' instead of the general 'identify vulnerabilities'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (penetration testing of web applications) and mentions some actions (identify vulnerabilities, suggests exploitation techniques, provides reporting), but lacks specific concrete actions like 'scan for SQL injection, test authentication bypass, enumerate endpoints'. | 2 / 3 |
| Completeness | Clearly answers both what (automated penetration testing, identifies vulnerabilities including OWASP Top 10, suggests exploitation techniques, provides reporting) AND when (explicit 'Use this skill when...' clause with specific trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms users would actually say: 'penetration test', 'pentest', 'vulnerability assessment', 'exploit', and 'web application'. Good coverage of common variations. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on web application penetration testing with distinct triggers like 'pentest', 'vulnerability assessment', and 'exploit'. Unlikely to conflict with general security or coding skills. | 3 / 3 |
| Total | 11 / 12 | Passed |
