
performing-security-testing

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill performing-security-testing

This skill automates security vulnerability testing. It is triggered when the user requests security assessments, penetration tests, or vulnerability scans. The skill covers OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, authentication issues, and authorization flaws. Use this skill when the user mentions "security test", "vulnerability scan", "OWASP", "SQL injection", "XSS", "CSRF", "authentication", or "authorization" in the context of application or API testing.

Overall: 60%


Validation: 81% (13 / 16 checks passed)

Criteria, description, result:

metadata_version: 'metadata' field is not a dictionary. Result: Warning
license_field: 'license' field is missing. Result: Warning
body_output_format: No obvious output/return/format terms detected; consider specifying expected outputs. Result: Warning

Implementation: 20%

This skill content describes what a security testing capability does rather than providing actionable instructions for using it. It lacks any concrete code, commands, or executable examples; everything remains at an abstract 'the plugin will do X' level. The content is also verbose, explaining obvious concepts and repeating trigger conditions already in the description.

Suggestions:

- Add concrete, executable examples showing actual plugin invocation syntax, command-line usage, or API calls (e.g., `security-test-scanner --target https://api.example.com --tests owasp-top-10`)
- Remove the 'When to Use This Skill' section entirely as it duplicates the skill description and wastes tokens
- Include example output/report format so Claude knows what to expect and how to interpret results
- Add validation steps: how to verify scan completed successfully, how to handle scan failures or timeouts, what to do with partial results
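The kind of concrete invocation, report format and failure handling the suggestions above ask for, shown as an added example that is not code from this skill or from the claude-code-plugins-plus-skills repository: a small Python probe runner with a pluggable target so it runs offline. The probe list, the OWASP category labels, the in-memory target, the `run_probes` function and the JSON report schema (status `complete`, `partial` or `failed`) are all assumptions made for the illustration.

```python
import json
import re
from dataclasses import dataclass, field, asdict
from typing import Callable, Dict, List, Tuple

# The target is modelled as a callable (path, params) -> (status, body) so the
# runner works offline; a real skill would wrap an HTTP client here. A call that
# raises TimeoutError stands in for a request that exceeded its deadline.
Target = Callable[[str, Dict[str, str]], Tuple[int, str]]


@dataclass
class Probe:
    name: str             # assumed probe identifier, e.g. "sqli-error-based"
    category: str         # OWASP Top 10 category label (assumed)
    path: str
    param: str
    payload: str
    evidence: re.Pattern  # regex that must match the response body to count


@dataclass
class Finding:
    probe: str
    category: str
    path: str
    param: str
    payload: str
    evidence: str         # the matched fragment, kept for manual confirmation


@dataclass
class Report:
    """Assumed report schema: status is 'complete', 'partial' or 'failed'."""
    target: str
    status: str = "complete"
    probes_total: int = 0
    probes_run: int = 0
    findings: List[Finding] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)

    def to_json(self) -> str:
        return json.dumps(asdict(self), indent=2)


# Assumed probe set: two injection checks, plus one against an endpoint that,
# in the constructed target below, never answers.
SQL_ERROR = re.compile(r"syntax error|unterminated quoted string|SQLSTATE", re.I)
PROBES = [
    Probe("sqli-error-based", "A03:Injection", "/api/users", "id", "1'", SQL_ERROR),
    Probe("xss-reflected", "A03:Injection", "/search", "q",
          "<svg/onload=alert(1)>", re.compile(r"<svg/onload=alert\(1\)>")),
    Probe("sqli-error-based", "A03:Injection", "/api/orders", "order_id", "1'", SQL_ERROR),
]


def run_probes(target_name: str, target: Target, probes=PROBES) -> Report:
    """Run every probe, recording timeouts instead of aborting, then classify the
    run: complete (all probes answered), partial (some timed out) or failed
    (nothing answered, so an empty findings list proves nothing)."""
    report = Report(target=target_name, probes_total=len(probes))
    for probe in probes:
        try:
            _status, body = target(probe.path, {probe.param: probe.payload})
        except TimeoutError as exc:
            report.errors.append(f"{probe.name} {probe.path}: timeout ({exc})")
            continue
        report.probes_run += 1
        match = probe.evidence.search(body)
        if match:
            report.findings.append(Finding(probe.name, probe.category, probe.path,
                                           probe.param, probe.payload, match.group(0)))
    if report.probes_run == 0:
        report.status = "failed"
    elif report.errors:
        report.status = "partial"
    return report


def constructed_target(path: str, params: Dict[str, str]) -> Tuple[int, str]:
    """Constructed in-memory stand-in for a web app (no network): reflects the
    search term unescaped, leaks a database error on a quoted id, and hangs on
    /api/orders."""
    if path == "/search":
        return 200, f"<p>Results for {params.get('q', '')}</p>"
    if path == "/api/users":
        uid = params.get("id", "")
        if "'" in uid:
            return 500, 'ERROR: unterminated quoted string at or near "\'"'
        return 200, json.dumps({"id": uid})
    if path == "/api/orders":
        raise TimeoutError("no response within 10s")
    return 404, "not found"


if __name__ == "__main__":
    print(run_probes("constructed-app", constructed_target).to_json())
```

A regex hit on an error string or a reflected payload is an indicator, not a confirmed exploit, which is why the matched fragment travels with the finding for a reviewer to reproduce by hand. The status field is the validation checkpoint the review asks for: a `partial` or `failed` run tells the caller that an empty findings list cannot be read as a clean target.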

Dimension scores:

Conciseness (1 / 3): Verbose and padded with unnecessary context. Explains obvious concepts like 'when to use this skill' that duplicate the description, and includes filler phrases like 'This skill enables Claude to automatically perform' instead of just showing how to use it.

Actionability (1 / 3): No concrete code, commands, or executable guidance. Everything is abstract description ('The plugin will activate', 'Execute tests') with no actual syntax, API calls, or copy-paste ready examples showing how to invoke the scanner or interpret results.

Workflow Clarity (2 / 3): Steps are listed in sequence (Initiate -> Execute -> Generate Report) but lack validation checkpoints, error handling, or feedback loops. No guidance on what to do if scans fail or how to verify results are complete.

Progressive Disclosure (2 / 3): Content is organized into sections but everything is inline in one file. No references to detailed documentation for specific vulnerability types, API reference, or advanced configuration options that would benefit from separate files.

Total: 6 / 12. Passed

Activation: 100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities (vulnerability types covered), comprehensive trigger terms that users would naturally use, explicit 'Use when' guidance with context scoping, and a distinct security testing niche that minimizes conflict risk with other skills.

Dimension scores:

Specificity (3 / 3): Lists multiple specific concrete actions and vulnerability types: 'OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, authentication issues, and authorization flaws' along with the core function of 'security vulnerability testing'.

Completeness (3 / 3): Clearly answers both what ('automates security vulnerability testing' covering specific vulnerability types) AND when ('Use this skill when the user mentions...' with explicit trigger terms and context 'in the context of application or API testing').

Trigger Term Quality (3 / 3): Excellent coverage of natural terms users would say: 'security test', 'vulnerability scan', 'OWASP', 'SQL injection', 'XSS', 'CSRF', 'authentication', 'authorization', 'penetration tests', 'security assessments'.

Distinctiveness / Conflict Risk (3 / 3): Clear niche focused on security testing with highly specific triggers like 'OWASP', 'SQL injection', 'XSS', 'CSRF' that are unlikely to conflict with other skills; the domain is well-defined and distinct.

Total: 12 / 12. Passed
