
validating-pci-dss-compliance

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill validating-pci-dss-compliance

This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls.

Overall: 57%


Validation

81%
| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |

Total: 13 / 16 Passed

Implementation

20%

This skill content describes what the pci-dss-validator plugin does conceptually but fails to provide actionable guidance on how to actually use it. There are no concrete commands, plugin invocation syntax, parameter options, or example outputs. The content is padded with explanatory text about when to use the skill and best practices that don't add operational value.

Suggestions

Add concrete plugin invocation syntax showing exact commands (e.g., `mcp__pci-dss-validator__scan(target_path="./src")`) with parameter descriptions

Include an example of actual plugin output or report format so Claude knows what to expect and how to interpret results

Remove or drastically condense the 'When to Use This Skill', 'Best Practices', and 'Integration' sections as they explain concepts Claude already understands

Add validation steps showing how to verify the scan completed successfully and how to handle common errors

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what PCI DSS is, who uses it, general security practices). Sections like 'When to Use This Skill' and 'Best Practices' add little actionable value and pad the document unnecessarily. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples are provided. The examples describe what the skill 'will do' in abstract terms but never show actual plugin invocation syntax, command-line usage, or expected output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed (Analyze, Run, Generate Report) but lack specifics on how to invoke the pci-dss-validator plugin, what parameters it accepts, or validation checkpoints. No error handling or feedback loops are mentioned. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline in one file. There are no references to external documentation for detailed plugin options, report formats, or advanced configuration, though the content length might not strictly require it. | 2 / 3 |

Total: 6 / 12 Passed

Activation

90%

This is a well-structured skill description with strong completeness and distinctiveness. It clearly identifies when to use the skill with explicit trigger phrases and establishes a clear niche around PCI DSS compliance. The main weakness is that the specific capabilities could be more concrete - listing specific checks, outputs, or supported configuration types would strengthen the description.

Suggestions

Add more specific concrete actions such as 'scans for encryption requirements', 'validates access control configurations', or 'generates compliance reports' to improve specificity

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (PCI DSS compliance) and some actions ('assess codebases', 'identifies potential vulnerabilities', 'deviations from requirements'), but lacks specific concrete actions like what types of checks are performed or what outputs are generated. | 2 / 3 |
| Completeness | Clearly answers both what (uses pci-dss-validator plugin to assess codebases/infrastructure for PCI DSS compliance, identifies vulnerabilities) AND when (explicit 'Use this skill when...' clause with specific trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms users would say: 'validate PCI compliance', 'check PCI DSS', 'assess PCI security', 'review PCI standards', plus mentions 'cardholder data' and 'security controls' which are domain-relevant terms. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focused specifically on PCI DSS compliance validation with distinct triggers like 'PCI compliance', 'PCI DSS', 'cardholder data' - unlikely to conflict with general security or other compliance skills. | 3 / 3 |

Total: 11 / 12 Passed
