security-benchmark-runner

Security Benchmark Runner - Auto-activating skill for Security Advanced. Triggers on: security benchmark runner, security benchmark runner Part of the Security Advanced skill category.

1.02x

Quality

Does it follow best practices?

Impact

94%

1.02x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/security-benchmark-runner/SKILL.md

Quality

Discovery

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is essentially a placeholder with no substantive content. It repeats the skill name as its own trigger term, provides zero information about what the skill actually does, and lacks any 'Use when...' guidance. It would be nearly impossible for Claude to correctly select this skill from a pool of available skills.

Suggestions

Add specific concrete actions the skill performs, e.g., 'Runs CIS benchmarks against system configurations, evaluates security compliance posture, generates remediation reports for failed checks.'

Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about security benchmarks, compliance scanning, CIS hardening, security audits, or system hardening checks.'

Include distinct keywords and file types/tools involved (e.g., 'CIS', 'STIG', 'OpenSCAP', 'compliance report', 'hardening') to differentiate from other security-related skills.

Dimension	Reasoning	Score
Specificity	The description provides no concrete actions whatsoever. It only states it is a 'Security Benchmark Runner' without explaining what it actually does—no verbs describing specific capabilities like 'scans', 'evaluates', 'reports', etc.	1 / 3
Completeness	Neither the 'what' nor the 'when' is meaningfully answered. There is no explanation of what the skill does beyond its name, and no explicit 'Use when...' clause or equivalent trigger guidance.	1 / 3
Trigger Term Quality	The trigger terms are just the skill name repeated twice ('security benchmark runner, security benchmark runner'). There are no natural user keywords like 'security scan', 'vulnerability assessment', 'compliance check', 'CIS benchmark', or other terms a user would naturally use.	1 / 3
Distinctiveness Conflict Risk	The description is too vague to be distinctive. 'Security benchmark runner' could overlap with any security-related skill, and without specific actions or scope defined, it would be difficult to distinguish from other security tools or skills.	1 / 3
	Total	4 / 12 Passed

Implementation

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is a hollow placeholder with no substantive content. It contains only meta-descriptions of what it claims to do without any actual instructions, code, commands, benchmark tool references, or workflows. It provides no value to Claude beyond what the skill's title and tags already convey.

Suggestions

Add concrete, executable examples of running specific security benchmarks (e.g., CIS benchmarks with tools like Lynis, OpenSCAP, or kube-bench), including actual commands and expected output formats.

Define a clear multi-step workflow: select benchmark → configure scope → run scan → validate results → generate report, with explicit validation checkpoints at each stage.

Remove all meta-description sections ('Purpose', 'When to Use', 'Capabilities', 'Example Triggers') that merely describe the skill abstractly, and replace them with actionable technical content.

Include specific tool configurations, compliance framework mappings (e.g., CIS → SOC2 controls), and example output parsing to make the skill genuinely useful for security benchmark tasks.

Dimension	Reasoning	Score
Conciseness	The content is almost entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual technical content. Phrases like 'Provides step-by-step guidance' and 'Follows industry best practices' are empty padding.	1 / 3
Actionability	There is zero concrete, executable guidance — no commands, no code, no specific steps, no tool references, no benchmark names, no configuration examples. The entire skill describes rather than instructs.	1 / 3
Workflow Clarity	No workflow is defined at all. There are no steps, no sequence, no validation checkpoints. The skill claims to provide 'step-by-step guidance' but contains none.	1 / 3
Progressive Disclosure	No bundle files exist and no references to external resources are provided. The content is a monolithic block of vague descriptions with no structure that aids navigation or discovery.	1 / 3
	Total	4 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 9 / 11 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	9 / 11 Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 13d35b8

Reviewed: 3 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.