plugin-auditor
tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill plugin-auditorAudit automatically audits AI assistant code plugins for security vulnerabilities, best practices, AI assistant.md compliance, and quality standards when user mentions audit plugin, security review, or best practices check. specific to AI assistant-code-plugins repositor... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
55%
Overall
Validation
Implementation
Activation
Validation
81%| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md line count is 45 (<= 500) | Pass |
frontmatter_valid | YAML frontmatter is valid | Pass |
name_field | 'name' field is valid: 'plugin-auditor' | Pass |
description_field | 'description' field is valid (394 chars) | Pass |
description_voice | 'description' uses third person voice | Pass |
description_trigger_hint | Description includes an explicit trigger hint | Pass |
compatibility_field | 'compatibility' field not present (optional) | Pass |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
metadata_field | 'metadata' field not present (optional) | Pass |
license_field | 'license' field is present: MIT | Pass |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_present | SKILL.md body is present | Pass |
body_examples | Examples detected (code fence or 'Example' wording) | Pass |
body_output_format | Output/return/format terms detected | Pass |
body_steps | Step-by-step structure detected (ordered list) | Pass |
Total | 13 / 16 Passed |
Implementation
22%This skill is a generic template with no actual content specific to plugin auditing, security review, or vulnerability scanning. Despite the description promising automated security audits and best practices checks, the body provides zero actionable guidance - no audit checklists, no security patterns to check, no code examples, and no specific workflows for the AI assistant-code-plugins repository context.
Suggestions
- Add specific security audit checklist items (e.g., input validation, authentication checks, permission boundaries, data exposure risks) with concrete examples of what to look for
- Include executable code or commands for running security scans, with example output showing how to interpret and report findings
- Define a clear audit workflow with validation steps: what files to examine, what patterns indicate vulnerabilities, how to document findings, and severity classification criteria
- Replace generic placeholder text with actual plugin-specific guidance referencing the AI assistant-code-plugins repository structure and compliance requirements
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is brief but in a hollow way - it's generic boilerplate that could apply to any skill. It doesn't waste tokens explaining concepts Claude knows, but it also doesn't provide any actual substance worth the tokens it uses. | 2 / 3 |
Actionability | The content is entirely vague and abstract with no concrete code, commands, or specific guidance. Instructions like 'Invoke this skill when trigger conditions are met' and 'Provide necessary context' give Claude nothing executable to work with for a security audit. | 1 / 3 |
Workflow Clarity | The 4-step process is generic placeholder text with no actual audit workflow. For a security auditing skill, there should be specific validation checkpoints, what to scan, how to report vulnerabilities - none of which are present. | 1 / 3 |
Progressive Disclosure | References to external files (errors.md, examples.md) are present and one-level deep, but the main content is so empty that the structure serves no purpose. The references use template variables ({baseDir}) suggesting incomplete implementation. | 2 / 3 |
Total | 6 / 12 Passed |
Activation
82%This description has strong completeness with explicit 'Use when' guidance and good trigger terms, but suffers from moderate specificity issues (listing categories rather than concrete actions) and a truncated repository name that reduces clarity. The trigger terms are well-chosen for user discoverability, though some generic security terms could cause conflicts with other audit-related skills.
Suggestions
- Replace abstract categories with concrete actions (e.g., 'scans for SQL injection, validates input sanitization, checks authentication patterns' instead of 'security vulnerabilities')
- Fix the truncated text 'repositor...' to show the complete repository name for better distinctiveness
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (AI assistant code plugins) and lists several action categories (security vulnerabilities, best practices, compliance, quality standards), but these are somewhat abstract rather than concrete specific actions like 'extract text' or 'fill forms'. | 2 / 3 |
Completeness | Clearly answers both what (audits AI assistant code plugins for security, best practices, compliance, quality) AND when (explicit 'Use when...' clause with trigger phrases like 'security scan', 'audit', 'vulnerability'). | 3 / 3 |
Trigger Term Quality | Includes good coverage of natural trigger terms: 'audit plugin', 'security review', 'best practices check', 'security scan', 'audit', 'vulnerability' - these are terms users would naturally say when needing this functionality. | 3 / 3 |
Distinctiveness Conflict Risk | Specific to 'AI assistant-code-plugins repository' which provides some distinctiveness, but generic terms like 'security scan' and 'audit' could overlap with other security-focused skills. The truncated repository name ('repositor...') reduces clarity. | 2 / 3 |
Total | 10 / 12 Passed |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.