tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill scanning-database-security
Process use when you need to work with security and compliance. This skill provides security scanning and vulnerability detection with comprehensive guidance and automation. Trigger with phrases like "scan for vulnerabilities", "implement security controls", or "audit security".
Validation
81%

| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 13 / 16 Passed | |
Implementation
20%
This skill is a generic template that could apply to virtually any technical task - it contains no database security scanner-specific content whatsoever. There are no actual scanning commands, vulnerability detection techniques, security tools, or concrete examples. The content explains basic software development practices that Claude already knows rather than providing actionable security scanning guidance.
Suggestions
Add concrete, executable examples of database security scanning commands (e.g., specific SQL injection tests, privilege escalation checks, or tool invocations like `sqlmap`, `nmap` scripts, or database-specific audit queries)
Replace generic steps with database security-specific workflows: enumerate users/permissions, check for default credentials, scan for known CVEs, test authentication mechanisms, audit logging configuration
Include specific validation checkpoints for security scanning (e.g., 'Verify scan completed all checks: `grep -c PASS scan_results.log`') and remediation feedback loops
Remove the verbose prerequisites and error handling sections that explain concepts Claude already knows, and replace with database-specific security considerations and tool configurations
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose with generic boilerplate that applies to any task. Explains obvious concepts Claude already knows (backup data, test in staging, monitor for issues). Nearly every section is padded with unnecessary context that doesn't add database security scanner-specific value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples. Everything is abstract guidance like 'Review current configuration' and 'Execute implementation' without any specific database security scanning tools, queries, or techniques. The 'Examples' section literally says 'will be demonstrated in context.' | 1 / 3 |
| Workflow Clarity | Steps are numbered and sequenced, but they're generic software development lifecycle steps, not database security scanning workflows. No specific validation checkpoints for security scanning (e.g., verify CVE database is current, validate scan results against baseline). Missing feedback loops for vulnerability remediation. | 2 / 3 |
| Progressive Disclosure | References external files (templates, docs, examples) which is good structure, but the main content is a wall of generic text. The referenced files use placeholder paths that may not exist. The Overview section appears at the end after all content, which is poor organization. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation
82%
The description has good trigger term coverage and completeness with explicit usage guidance, but suffers from vague capability descriptions ('comprehensive guidance and automation' is fluff). The security domain is somewhat distinct but could benefit from more specific actions to differentiate from other potential security skills.
Suggestions
Replace vague terms like 'comprehensive guidance and automation' with specific concrete actions (e.g., 'detect CVEs, scan dependencies, check OWASP compliance, generate security reports')
Add more specific file types or frameworks this skill handles to increase distinctiveness (e.g., 'analyze Docker images, scan npm packages, audit AWS configurations')
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security and compliance) and mentions some actions like 'security scanning' and 'vulnerability detection', but lacks specific concrete actions. Terms like 'comprehensive guidance and automation' are vague fluff. | 2 / 3 |
| Completeness | Explicitly answers both what (security scanning, vulnerability detection) and when (trigger phrases provided). Has clear 'Trigger with phrases like...' clause that serves as explicit usage guidance. | 3 / 3 |
| Trigger Term Quality | Includes natural trigger phrases users would say: 'scan for vulnerabilities', 'implement security controls', 'audit security'. These are realistic user requests that would help Claude select this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Security and compliance is a defined niche, but 'security' is broad and could overlap with other security-related skills. The trigger phrases help but aren't specific enough to a unique capability. | 2 / 3 |
| Total | 10 / 12 Passed | |