This skill enables Claude to automatically scan code and configuration files for potential data privacy vulnerabilities using the data-privacy-scanner plugin. It identifies sensitive data exposure, compliance violations, and other privacy-related risks. Use this skill when the user requests to "scan for data privacy issues", "check privacy compliance", "find PII leaks", "identify GDPR violations", or needs a "privacy audit" of their codebase. The skill is most effective when used on projects involving personal data, financial information, or health records.
61
53%: Does it follow best practices?
Impact: Pending. No eval scenarios have been run.
Passed: No known issues.
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-batch-20251204-000554/plugins/security/data-privacy-scanner/skills/data-privacy-scanner/SKILL.md
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly communicates what the skill does, when to use it, and includes excellent trigger terms. It uses proper third-person voice, lists concrete actions, provides explicit 'Use when' guidance with natural user phrases, and occupies a distinct niche. The additional context about project types (personal data, financial information, health records) further aids in appropriate skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'scan code and configuration files', 'identifies sensitive data exposure', 'compliance violations', and 'privacy-related risks'. Also mentions the specific tool used ('data-privacy-scanner plugin'). | 3 / 3 |
| Completeness | Clearly answers both 'what' (scan code/config files for privacy vulnerabilities, identify sensitive data exposure and compliance violations) and 'when' (explicit 'Use this skill when...' clause with multiple trigger phrases and context about project types). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'scan for data privacy issues', 'check privacy compliance', 'find PII leaks', 'identify GDPR violations', 'privacy audit'. Also includes domain terms like 'personal data', 'financial information', 'health records'. | 3 / 3 |
| Distinctiveness Conflict Risk | Occupies a clear niche focused specifically on data privacy scanning, with distinct triggers like 'PII leaks', 'GDPR violations', and 'privacy audit' that are unlikely to conflict with general security or code analysis skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
7%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is essentially a high-level description of what a data-privacy-scanner plugin does, rather than actionable instructions for Claude to follow. It lacks any concrete commands, plugin invocation syntax, output format examples, or executable code. The content is verbose, repeats information from the description, and provides no real operational value to Claude.
Suggestions
- Add the actual plugin invocation syntax/command (e.g., how to call the data-privacy-scanner, what arguments it accepts, what the CLI or API looks like).
- Include a concrete example showing real input and expected output (e.g., a sample scan report format or JSON schema of findings).
- Remove the 'Overview', 'When to Use This Skill', and 'Integration' sections as they duplicate the YAML description and add no actionable value.
- Add validation/error handling steps: what to do when the scanner returns errors, how to handle false positives, and how to verify remediation.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and padded with unnecessary explanations. Sections like 'Overview', 'When to Use This Skill', and 'Integration' repeat information Claude already knows or that belongs in the YAML frontmatter description. The 'How It Works' section describes abstract concepts rather than providing actionable instructions. The 'Best Practices' section states obvious advice like 'carefully review the generated report.' | 1 / 3 |
| Actionability | There is no concrete, executable guidance anywhere in the skill. No actual commands, code snippets, API calls, or plugin invocation syntax are provided. The examples describe what the skill 'will do' in abstract terms rather than showing how to actually invoke the data-privacy-scanner plugin or what its output looks like. The entire skill reads as a marketing description rather than an instruction manual. | 1 / 3 |
| Workflow Clarity | The steps listed are vague ('Activate the data-privacy-scanner plugin', 'Generate a report') with no concrete commands, no validation checkpoints, and no error recovery guidance. There is no information about what to do if the scan fails, how to interpret results, or how to handle false positives. | 1 / 3 |
| Progressive Disclosure | The content is organized into logical sections with clear headers, which provides some structure. However, there are no bundle files or external references, and the content that is present is mostly filler rather than substantive material that would benefit from being split across files. | 2 / 3 |
| Total | | 5 / 12 Passed |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
9be4627