Secret Scanner - Auto-activating skill for Security Fundamentals. Triggers on: secret scanner, secret scanner. Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill secret-scanner
Overall score: 19%
Does it follow best practices?
Validation for skill structure
Activation
7%
This description is severely lacking in all key areas. It provides no information about what the skill actually does, contains redundant trigger terms with no natural language variations, and fails to explain when Claude should select this skill. The description reads as auto-generated boilerplate rather than a useful skill selector.
Suggestions
Add specific actions the skill performs, e.g., 'Scans code for hardcoded secrets, API keys, passwords, tokens, and credentials in source files.'
Include a 'Use when...' clause with natural trigger terms like 'find secrets', 'scan for credentials', 'detect API keys', 'security audit', 'leaked passwords'.
Remove the redundant duplicate trigger term and expand with variations users would naturally say when needing this functionality.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions - it only states it's an 'auto-activating skill for Security Fundamentals' without explaining what it actually does (e.g., scan for API keys, detect credentials, find hardcoded secrets). | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' (no actions described) and 'when should Claude use it' (no use cases or scenarios provided beyond the redundant trigger term). | 1 / 3 |
| Trigger Term Quality | The 'Triggers on' field redundantly lists 'secret scanner' twice, providing no natural keyword variations users might say like 'find secrets', 'credential scan', 'API key detection', 'hardcoded passwords', etc. | 1 / 3 |
| Distinctiveness Conflict Risk | While 'secret scanner' is somewhat specific to security scanning, the lack of detail about what types of secrets or what actions it performs could cause overlap with other security-related skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
This skill is an empty placeholder that provides no actual value. It describes what a secret scanner skill would do without providing any concrete guidance, code examples, regex patterns, tool recommendations, or workflows for detecting secrets in code. The entire content could be replaced with actual secret scanning patterns and it would be infinitely more useful.
Suggestions
Add concrete regex patterns or code examples for detecting common secrets (API keys, passwords, tokens, private keys)
Include specific tool recommendations with executable commands (e.g., trufflehog, gitleaks, detect-secrets) and example usage
Provide a clear workflow: 1) scan with tool X, 2) review findings, 3) remediate by rotating secrets, 4) add to .gitignore or pre-commit hooks
Add examples of common secret patterns to detect (AWS keys, GitHub tokens, database connection strings) with sample regex or detection rules
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actionable information. | 1 / 3 |
| Actionability | No concrete code, commands, patterns, or specific guidance is provided. The skill describes what it does abstractly ('provides step-by-step guidance') but never actually provides any guidance on how to scan for secrets. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. The skill claims to provide 'step-by-step guidance' but contains zero actual steps for performing secret scanning. | 1 / 3 |
| Progressive Disclosure | No references to detailed documentation, no examples, no links to related materials. The content is a shallow placeholder with no structure for discovery or deeper learning. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
69%
Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 11 / 16 Passed | |