tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill performing-security-audits

Analyze code, infrastructure, and configurations by conducting comprehensive security audits. It leverages tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, and cryptography review. Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
Validation
81%

| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 13 / 16 Passed | |
Implementation
20%

This skill content is largely descriptive rather than instructive, explaining what the security-pro-pack does conceptually without providing actionable guidance on how to use it. It lacks concrete tool invocation syntax, parameter specifications, or executable examples. The content is padded with generic boilerplate sections that don't add value for Claude's use.
Suggestions
- Replace abstract examples with concrete tool invocation syntax showing exact commands/parameters (e.g., `mcp__security-pro-pack__security_audit(target='auth.py', scope='authentication')`)
- Remove redundant sections (duplicate overview, generic Prerequisites/Instructions/Error Handling) that don't provide skill-specific information
- Add actual code examples showing how to interpret and act on tool outputs, including sample vulnerability reports and remediation workflows
- Include validation steps for verifying audit results and handling common failure modes specific to each security tool

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Highly verbose with redundant explanations (overview repeated twice), explains concepts Claude already knows (what security audits are, what OWASP Top 10 is), and includes generic boilerplate sections (Prerequisites, Instructions, Error Handling) that add no actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples provided. Examples describe what 'the skill will do' abstractly rather than showing actual tool invocations, parameters, or expected outputs. No copy-paste ready content. | 1 / 3 |
| Workflow Clarity | The 'How It Works' section provides a basic 3-step sequence (selection, execution, reporting), but lacks specific validation checkpoints, error recovery steps, or concrete details about what parameters to pass or how to verify results. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline in one file with no references to detailed documentation. The 'Resources' section mentions documentation but provides no actual links. Content that could be split (tool reference, examples) is all embedded. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation
100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, includes explicit trigger terms, clearly answers both what and when questions, and establishes a distinct security-focused niche. The description uses proper third-person voice and avoids vague language.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'Analyze code, infrastructure, and configurations', 'conducting comprehensive security audits', 'vulnerability scanning', 'compliance checking', and 'cryptography review'. | 3 / 3 |
| Completeness | Clearly answers both what (analyze code/infrastructure/configs via security audits with specific tools) AND when ('Use when assessing security or running audits. Trigger with phrases like...'). Has explicit trigger guidance. | 3 / 3 |
| Trigger Term Quality | Explicitly includes natural trigger terms users would say: 'security scan', 'audit', 'vulnerability', plus domain terms like 'security audits', 'compliance checking'. Good coverage of how users naturally request security reviews. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear security-focused niche with distinct triggers ('security scan', 'audit', 'vulnerability'). Mentions specific plugin 'security-pro-pack' and specialized capabilities like 'cryptography review' that distinguish it from general code analysis skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Reviewed