This skill enables Claude to scan applications and data systems for GDPR compliance issues. It identifies potential violations related to data protection, privacy rights, consent management, and other regulatory requirements. Use this skill when the user asks to "scan for GDPR compliance", check "GDPR compliance", or audit for "data privacy". The skill leverages the `gdpr-compliance-scanner` plugin to perform a comprehensive assessment and generate a detailed report.
93
48%
Does it follow best practices?
Impact
97%
1.25x
Average score across 15 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/gdpr-compliance-scanner/skills/gdpr-compliance-scanner/SKILL.md`
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-constructed skill description that clearly communicates its purpose, includes explicit trigger guidance, and occupies a distinct niche. Its main weakness is that the specific capabilities could be more granular - listing concrete actions beyond 'scan' and 'identify' would strengthen the specificity dimension. Overall, it follows best practices for skill descriptions.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (GDPR compliance) and some actions like 'scan applications and data systems', 'identifies potential violations', and mentions sub-areas (data protection, privacy rights, consent management), but the specific concrete actions are somewhat generic - it doesn't list distinct operations like 'generate remediation plans, flag non-compliant data flows, audit consent records'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (scans applications and data systems for GDPR compliance issues, identifies violations related to data protection, privacy rights, consent management) and 'when' (explicit 'Use this skill when...' clause with specific trigger phrases like 'scan for GDPR compliance', 'check GDPR compliance', 'audit for data privacy'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms: 'GDPR compliance', 'scan for GDPR compliance', 'data privacy', 'audit', 'data protection', 'privacy rights', 'consent management'. These cover the main ways a user would naturally phrase such a request. | 3 / 3 |
| Distinctiveness Conflict Risk | The skill is clearly scoped to GDPR compliance scanning specifically, references a specific plugin (`gdpr-compliance-scanner`), and the trigger terms are distinct enough to avoid conflicts with general security or code review skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
7%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content reads like a marketing overview rather than actionable technical guidance. It lacks any concrete plugin invocation syntax, expected output formats, or executable examples. The content is heavily padded with explanations of obvious concepts and vague descriptions of what the tool does, rather than showing Claude exactly how to use it.
Suggestions
Add the actual plugin invocation syntax/command (e.g., how to call `gdpr-compliance-scanner` with specific parameters) so Claude knows exactly what to execute.
Include a concrete example of the expected output format (e.g., a sample JSON report or structured compliance report) so Claude knows what to present to the user.
Remove the 'Overview', 'When to Use This Skill', 'Best Practices', and 'Integration' sections—these are either redundant with the skill description or explain things Claude already knows.
Add validation/error handling guidance: what to do if the scan fails, how to verify the report is complete, and how to handle edge cases like insufficient access permissions.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and padded with unnecessary explanations. Sections like 'Overview', 'When to Use This Skill', and 'Best Practices' explain things Claude already knows or that are covered in the skill description. The 'How It Works' section restates obvious plugin invocation steps. Much of this could be cut to a fraction of its size. | 1 / 3 |
| Actionability | There is no concrete, executable guidance anywhere—no actual commands, no code, no API calls, no plugin invocation syntax. The examples describe what the skill 'will do' in abstract narrative form rather than showing how to actually invoke the plugin or what the output looks like. It describes rather than instructs. | 1 / 3 |
| Workflow Clarity | The workflow steps are vague and high-level ('Activate the plugin', 'Scan the application', 'Generate a report') with no validation checkpoints, no error handling, no feedback loops, and no concrete details about what happens at each step or how to verify results. | 1 / 3 |
| Progressive Disclosure | The content is organized into sections with headers, which provides some structure. However, there are no references to external files, no bundle files to support deeper content, and inline content that could be trimmed is kept verbose. The organization exists but doesn't leverage progressive disclosure effectively. | 2 / 3 |
| Total | | 5 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
197ebf7