tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill performing-security-code-review

Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
51% Overall
Validation
81%

| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md line count is 84 (<= 500) | Pass |
| frontmatter_valid | YAML frontmatter is valid | Pass |
| name_field | 'name' field is valid: 'performing-security-code-review' | Pass |
| description_field | 'description' field is valid (390 chars) | Pass |
| description_voice | 'description' uses third person voice | Pass |
| description_trigger_hint | Description includes an explicit trigger hint | Pass |
| compatibility_field | 'compatibility' field not present (optional) | Pass |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| metadata_field | 'metadata' field not present (optional) | Pass |
| license_field | 'license' field is present: MIT | Pass |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_present | SKILL.md body is present | Pass |
| body_examples | Examples detected (code fence or 'Example' wording) | Pass |
| body_output_format | Output/return/format terms detected | Pass |
| body_steps | Step-by-step structure detected (ordered list) | Pass |
| Total | | 13 / 16 Passed |
Implementation
7%

This skill content is largely boilerplate with minimal actionable guidance. It explains what a security review is and describes abstract workflows without providing any concrete plugin invocation syntax, actual commands, or executable examples. The content would fail to help Claude actually perform a security scan because it lacks the specific technical details needed to use the security-agent plugin.

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose with extensive explanation of concepts Claude already knows. Sections like 'Overview', 'How It Works', 'When to Use This Skill', and 'Integration' explain obvious concepts without adding actionable value. The content is heavily padded with generic descriptions. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. Examples describe what 'the skill will' do abstractly rather than showing actual plugin invocation syntax, API calls, or specific commands. The 'Instructions' section is completely generic and non-actionable. | 1 / 3 |
| Workflow Clarity | No clear workflow for invoking the security-agent plugin. Steps like 'Invoke this skill when trigger conditions are met' and 'Provide necessary context' are vague placeholders. No validation checkpoints, no specific parameters, no feedback loops for handling scan results. | 1 / 3 |
| Progressive Disclosure | Content is organized into sections with headers, but it's a monolithic document with no references to external files for detailed information. The structure exists but contains mostly filler content that could be condensed significantly. | 2 / 3 |
| Total | | 5 / 12 Passed |
Activation
90%

This description effectively communicates its security-focused purpose with good trigger terms and explicit usage guidance. The main weakness is the truncated text ('wh...') which suggests incomplete content, and the use of 'AI assistant' rather than third-person action verbs reduces clarity. The description would benefit from completing the truncated portion and using more direct action-oriented language.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security-focused code review) and lists some specific vulnerabilities (SQL injection, XSS, authentication flaws, insecure dependencies), but the description is truncated and doesn't comprehensively list all actions the skill performs. | 2 / 3 |
| Completeness | Explicitly answers both what (security-focused code review analyzing vulnerabilities) and when (with explicit 'Use when...' clause and trigger phrases). Despite truncation, the essential components are present. | 3 / 3 |
| Trigger Term Quality | Includes good natural trigger terms users would say: 'security scan', 'audit', 'vulnerability', plus domain terms like 'SQL injection', 'XSS'. These are terms users would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear security niche with distinct triggers ('security scan', 'audit', 'vulnerability'). Unlikely to conflict with general code review or other skills due to specific security focus and explicit trigger terms. | 3 / 3 |
| Total | | 11 / 12 Passed |