performing-security-audits
Analyze code, infrastructure, and configurations by conducting comprehensive security audits. It leverages tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, and cryptography review. Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
57
50%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/packages/security-pro-pack/skills/performing-security-audits/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly articulates specific capabilities (vulnerability scanning, compliance checking, cryptography review), provides explicit trigger guidance with natural user phrases, and occupies a distinct security-auditing niche. The description is concise, uses third-person voice correctly, and covers both 'what' and 'when' dimensions effectively.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Analyze code, infrastructure, and configurations', 'vulnerability scanning', 'compliance checking', and 'cryptography review'. These are concrete, distinct capabilities. | 3 / 3 |
Completeness | Clearly answers both 'what' (analyze code/infrastructure/configurations via vulnerability scanning, compliance checking, cryptography review) and 'when' (explicit 'Use when assessing security or running audits' plus trigger phrases). | 3 / 3 |
Trigger Term Quality | Includes natural trigger terms users would say: 'security scan', 'audit', 'vulnerability', plus domain terms like 'compliance checking', 'cryptography review', and 'security audits'. Good coverage of natural phrases. | 3 / 3 |
Distinctiveness Conflict Risk | Clearly occupies a distinct niche around security auditing with specific triggers like 'security scan', 'audit', 'vulnerability'. References a specific plugin ('security-pro-pack'), making it unlikely to conflict with general code analysis or other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is almost entirely generic boilerplate with no actionable, concrete guidance. It describes what a security audit skill would do in abstract terms but provides no executable code, specific tool invocation syntax, parameter details, output schemas, or validation steps. Multiple sections (Instructions, Output, Error Handling, Resources, Prerequisites) appear to be template placeholders with no real content.
Suggestions
Replace abstract descriptions with concrete tool invocation examples showing exact syntax, parameters, and expected output formats for each security-pro-pack tool (Security Auditor Expert, Compliance Checker, Crypto Audit).
Remove all generic boilerplate sections (Prerequisites, Instructions, Output, Error Handling, Resources) that contain no skill-specific information, and consolidate the redundant Overview/intro sections.
Add a concrete workflow with validation checkpoints, e.g., how to verify scan results, handle false positives, and iterate on findings with specific commands or tool calls.
Either provide bundle files documenting each tool's API/parameters or inline the essential reference information needed to actually invoke the security-pro-pack tools.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose with significant redundancy. The 'Overview' section restates the intro paragraph. 'How It Works' explains obvious agent orchestration concepts. 'Best Practices', 'Integration', 'Prerequisites', 'Instructions', 'Output', 'Error Handling', and 'Resources' sections are all generic filler that provide no skill-specific value. Much of this content explains things Claude already knows. | 1 / 3 |
Actionability | No concrete code, commands, or executable guidance anywhere. Examples describe what 'the skill will' do in abstract terms rather than showing actual tool invocations, parameters, or output formats. The 'Instructions' section is entirely generic ('Invoke this skill when trigger conditions are met'). There's nothing copy-paste ready or specific enough to act on. | 1 / 3 |
Workflow Clarity | The 'How It Works' section lists three abstract steps (Analysis Selection, Execution, Reporting) with no concrete details about tool parameters, validation checkpoints, or error recovery. The examples describe workflows at a high level ('invoke the agent', 'analyze the code', 'generate a report') without any specifics about how to actually perform these steps. | 1 / 3 |
Progressive Disclosure | No bundle files are provided, yet the skill references tools like 'Security Auditor Expert', 'Compliance Checker', and 'Crypto Audit' without any links or references to documentation about them. The content is a monolithic wall of generic text with no meaningful structure pointing to detailed materials. Multiple sections (Prerequisites, Instructions, Output, Error Handling, Resources) contain placeholder-quality content. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.