performing-security-audits
Analyze code, infrastructure, and configurations by conducting comprehensive security audits. It leverages tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, and cryptography review. Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
57
50%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/packages/security-pro-pack/skills/performing-security-audits/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly articulates specific capabilities (vulnerability scanning, compliance checking, cryptography review), provides explicit trigger guidance with natural user phrases, and occupies a distinct security-auditing niche. It uses proper third-person voice and is concise without being vague. Minor improvement could include additional file type or format triggers, but overall it meets the criteria well.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Analyze code, infrastructure, and configurations', 'vulnerability scanning', 'compliance checking', and 'cryptography review'. These are concrete, distinct capabilities. | 3 / 3 |
Completeness | Clearly answers both 'what' (analyze code/infrastructure/configurations via vulnerability scanning, compliance checking, cryptography review) and 'when' (explicit 'Use when assessing security or running audits' plus trigger phrases). Both are explicitly stated. | 3 / 3 |
Trigger Term Quality | Includes natural trigger terms users would say: 'security scan', 'audit', 'vulnerability', plus domain terms like 'compliance checking', 'cryptography review', and 'security audits'. Good coverage of how users would phrase requests. | 3 / 3 |
Distinctiveness Conflict Risk | Clearly occupies a distinct niche around security auditing with specific triggers like 'security scan', 'audit', 'vulnerability', and mentions a specific plugin ('security-pro-pack'). Unlikely to conflict with non-security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is almost entirely boilerplate with no actionable, concrete guidance. It describes what the skill does in abstract terms without providing any executable examples, specific tool invocation syntax, parameter formats, or expected output structures. The content is heavily padded with sections that add no value (e.g., 'Output: The skill produces structured output relevant to the task') and explains concepts Claude already understands.
Suggestions
Replace abstract descriptions with concrete tool invocation examples showing exact syntax, parameters, and expected output format (e.g., how to call `Security Auditor Expert` with specific arguments and what the response looks like).
Remove all filler sections (Prerequisites, Integration, Output, Error Handling, Resources) that contain only generic placeholder text, and consolidate the Overview/How It Works/When to Use sections into a single concise section.
Add a concrete workflow with validation steps, e.g., 'Run vulnerability scan → review findings → verify fixes → re-scan to confirm remediation'.
Provide at least one complete, copy-paste-ready example showing the full input-to-output flow including the actual tool call and a sample structured report output.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose with significant redundancy. The 'Overview' section restates the opening paragraph. 'When to Use This Skill', 'Best Practices', 'Integration', 'Prerequisites', 'Instructions', 'Output', 'Error Handling', and 'Resources' sections are all padded filler that either restate obvious information or provide no actionable detail. Claude already knows what GDPR and OWASP are. | 1 / 3 |
Actionability | No concrete code, commands, or executable guidance anywhere. The examples describe what 'the skill will' do in abstract terms rather than showing actual tool invocations, parameters, or expected outputs. Instructions like 'Invoke this skill when the trigger conditions are met' and 'Provide necessary context and parameters' are completely vague. | 1 / 3 |
Workflow Clarity | The 'How It Works' section describes a generic 3-step process (select tool, execute, report) with no specifics about tool names/parameters, validation checkpoints, or error recovery. The 'Instructions' section is four generic bullet points that could apply to literally any skill. No feedback loops or verification steps exist. | 1 / 3 |
Progressive Disclosure | Monolithic wall of text with no references to external files or documentation. Multiple sections contain filler content ('The skill produces structured output relevant to the task', 'Project documentation', 'Related skills and commands') that point nowhere specific. Content is poorly organized with redundant sections that could be consolidated. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3e83543
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.