
scanning-for-vulnerabilities

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill scanning-for-vulnerabilities

This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.

Overall: 60%


Validation: 81%

| Criteria | Description | Result |
| --- | --- | --- |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |

Total: 13 / 16 (Passed)

Implementation: 20%

This skill content is overly verbose and lacks actionable guidance. It describes what the vulnerability-scanner plugin does conceptually but never shows how to actually invoke it, what commands or syntax to use, or what the output looks like. The content reads like marketing copy rather than executable instructions.

Suggestions

Replace abstract descriptions with concrete plugin invocation syntax (e.g., actual command or function call to trigger the scanner)

Add a real example showing input command and expected output format/structure

Remove sections explaining obvious concepts like 'When to Use This Skill' and 'How It Works' - Claude can infer these

Include specific flags, options, or configuration parameters the plugin accepts

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Highly verbose with unnecessary explanations Claude already knows. Sections like 'How It Works', 'When to Use This Skill', and 'Integration' explain obvious concepts. The entire content could be reduced to a few lines showing how to invoke the plugin. | 1 / 3 |
| Actionability | No concrete commands, code, or executable guidance. Examples describe what 'the skill will do' abstractly rather than showing actual plugin invocation syntax, command formats, or expected output structures. | 1 / 3 |
| Workflow Clarity | Steps are listed but remain abstract ('Activate the vulnerability-scanner plugin'). No actual commands shown, no validation checkpoints for verifying scan completion, and no error handling guidance for failed scans. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline when much could be omitted or referenced. No links to detailed documentation, plugin API reference, or advanced configuration options. | 2 / 3 |

Total: 6 / 12 (Passed)

Activation: 100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities (static analysis, dependency checking, CVE detection), explicit trigger guidance with natural user phrases, and clear 'Use when' instructions. The description is distinctive enough to avoid conflicts with other skills while being comprehensive about its security scanning focus.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'identifies security vulnerabilities in code, dependencies, and configurations', 'CVE detection', 'static analysis, dependency checking, and configuration analysis', and 'detailed vulnerability report'. | 3 / 3 |
| Completeness | Clearly answers both what (vulnerability scanning, CVE detection, static analysis, dependency checking) AND when ('Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs') with explicit trigger phrases listed. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'scan for vulnerabilities', 'find security issues', 'check for CVEs', '/scan', '/vuln', plus mentions 'security vulnerabilities', 'CVE detection'. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on vulnerability scanning and security analysis with distinct triggers like '/scan', '/vuln', 'CVEs' that are unlikely to conflict with general code or document skills. | 3 / 3 |

Total: 12 / 12 (Passed)
