This skill enables Claude to scan applications and data systems for GDPR compliance issues. It identifies potential violations related to data protection, privacy rights, consent management, and other regulatory requirements. Use this skill when the user asks to "scan for GDPR compliance", check "GDPR compliance", or audit for "data privacy". The skill leverages the `gdpr-compliance-scanner` plugin to perform a comprehensive assessment and generate a detailed report.
92
44%
Does it follow best practices?
Impact
97%
1.25x
Average score across 15 eval scenarios
Passed
No known issues
Optimize this skill with Tessl:
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/gdpr-compliance-scanner/skills/gdpr-compliance-scanner/SKILL.md
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly communicates its purpose and includes explicit trigger guidance. Its main weakness is that the specific capabilities could be more granular—listing concrete actions like 'audit data retention policies, flag missing consent mechanisms, check data subject access request workflows' rather than broad category labels. Overall, it performs well on completeness and distinctiveness.
Suggestions
Replace broad category labels ('data protection, privacy rights, consent management') with more concrete specific actions like 'audit data retention policies, flag missing consent mechanisms, verify data subject access request workflows, check cross-border data transfer compliance'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (GDPR compliance) and some actions ('scan applications and data systems', 'identifies potential violations'), and mentions sub-areas like 'data protection, privacy rights, consent management', but these read more like category labels than concrete specific actions. It doesn't list multiple distinct concrete operations like 'generate compliance report, flag consent gaps, audit data retention policies'. | 2 / 3 |
| Completeness | The description clearly answers both 'what' (scans applications and data systems for GDPR compliance issues, identifies violations related to data protection, privacy rights, consent management) and 'when' (explicit 'Use this skill when...' clause with specific trigger phrases like 'scan for GDPR compliance', 'check GDPR compliance', 'audit for data privacy'). | 3 / 3 |
| Trigger Term Quality | The description includes strong natural trigger terms: 'scan for GDPR compliance', 'GDPR compliance', 'data privacy', 'audit', 'data protection', 'privacy rights', 'consent management', and 'regulatory requirements'. These cover a good range of terms users would naturally use when requesting this type of analysis. | 3 / 3 |
| Distinctiveness Conflict Risk | The skill is clearly scoped to GDPR compliance scanning specifically, with distinct triggers like 'GDPR compliance' and references to a specific plugin ('gdpr-compliance-scanner'). This creates a clear niche that is unlikely to conflict with other skills unless there are multiple GDPR-related skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is almost entirely descriptive and abstract, lacking any concrete, actionable guidance. It reads more like a marketing overview than a technical skill file—there are no executable examples, no plugin invocation syntax, no configuration details, and no validation steps. The content is verbose, repeating the same high-level concept across multiple sections without adding substantive value.
Suggestions
Add concrete plugin invocation syntax showing exactly how to call the `gdpr-compliance-scanner` plugin, including required parameters and expected response format.
Replace the narrative examples with actual input/output pairs showing the plugin call and a sample report structure (e.g., JSON schema of the compliance report).
Remove the 'Overview', 'When to Use This Skill', 'Best Practices', and 'Integration' sections—they add no actionable information and waste tokens on things Claude already knows or that belong in the YAML frontmatter.
Add error handling guidance and validation steps, such as what to do when the plugin returns errors, how to verify scan completeness, and how to handle partial results.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and padded with unnecessary explanations. Sections like 'Overview', 'When to Use This Skill', and 'Best Practices' largely restate obvious information or repeat what's already in the description. Claude doesn't need to be told what GDPR is or that it should 'provide as much context as possible.' The 'How It Works' section describes a trivial 4-step process that amounts to 'call the plugin and return results.' | 1 / 3 |
| Actionability | There is no concrete, executable guidance anywhere. No actual commands, API calls, plugin invocation syntax, configuration parameters, or code examples are provided. The examples describe what the skill 'will do' in abstract narrative form rather than showing actual inputs, outputs, or plugin call syntax. It describes rather than instructs. | 1 / 3 |
| Workflow Clarity | The workflow is essentially 'call the plugin and get a report' described in 4 vague steps with no validation checkpoints, no error handling, no feedback loops, and no concrete details about what happens if the scan fails or returns unexpected results. There's no guidance on how to interpret or act on the report output. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block with no references to external files, no bundle files to support it, and no structured navigation. All sections are inline and mostly redundant. There's no separation of quick-start content from advanced usage, and no referenced documentation for the plugin's API or configuration options. | 1 / 3 |
| Total | | 4 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
13d35b8