security-policy-generator
Security Policy Generator - Auto-activating skill for Security Advanced. Triggers on: security policy generator, security policy generator Part of the Security Advanced skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill security-policy-generatorOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely lacking in substance - it reads more like auto-generated metadata than a useful skill description. It provides no information about what the skill actually does, what types of security policies it generates, or meaningful trigger scenarios. The repeated trigger term and category boilerplate add no value for skill selection.
Suggestions
Add specific capabilities: describe what types of security policies are generated (e.g., 'Generates access control policies, data protection guidelines, network security rules, and compliance documentation')
Include a proper 'Use when...' clause with natural trigger terms users would say (e.g., 'Use when the user needs security policies, compliance documents, access control rules, or asks about security standards')
Remove redundant trigger terms and boilerplate category text; replace with concrete examples of policy types or security frameworks supported
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions - it only names itself ('Security Policy Generator') without explaining what it actually does. There are no verbs describing capabilities like 'generates', 'creates', 'analyzes', etc. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. It only provides meta-information about the skill category and trigger phrases without explaining functionality or use cases. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'security policy generator' repeated twice, which is redundant and unlikely to match natural user language. Missing common variations like 'security policies', 'compliance', 'access control', 'policy templates', etc. | 1 / 3 |
Distinctiveness Conflict Risk | While 'security policy' is somewhat specific, the lack of detail about what kind of security policies (network, access control, data protection, etc.) could cause overlap with other security-related skills. The category mention provides some distinction. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill is an empty shell with no actionable content. It describes what a security policy generator might do in abstract terms but provides zero concrete guidance, templates, policy examples, or implementation steps. A security policy generator skill should include actual policy templates, compliance framework mappings, and executable generation workflows.
Suggestions
Add concrete security policy templates (e.g., access control policy, incident response policy) with actual content Claude can customize
Include a step-by-step workflow for generating policies: 1) Identify scope, 2) Select framework (SOC2/GDPR/etc), 3) Generate draft, 4) Validate against compliance requirements
Provide executable code or structured output formats for policy generation (e.g., JSON schema, markdown templates)
Add specific examples showing input requirements and expected policy output for at least 2-3 common policy types
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual value. Phrases like 'provides automated assistance' and 'follows industry best practices' are vague filler that Claude doesn't need. | 1 / 3 |
Actionability | There is zero concrete guidance - no code, no commands, no specific steps, no examples of actual security policies. The content only describes what the skill claims to do without showing how to do anything. | 1 / 3 |
Workflow Clarity | No workflow is defined at all. For a 'Security Policy Generator' skill, there should be clear steps for generating policies, validation checkpoints, and output formats - none of which are present. | 1 / 3 |
Progressive Disclosure | The content is a shallow placeholder with no actual substance to organize. There are no references to detailed materials, templates, or examples that would be essential for a security policy generator. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.