This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill validating-pci-dss-compliance
86
Quality
55%
Does it follow best practices?
Impact
89%
1.08x Average score across 12 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/pci-dss-validator/skills/pci-dss-validator/SKILL.md
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description with excellent trigger terms and completeness. It clearly defines when to use the skill with explicit trigger phrases and establishes a distinct niche around PCI DSS compliance. The main weakness is that the specific capabilities could be more concrete - listing specific checks, report types, or outputs would strengthen the specificity dimension.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (PCI DSS compliance) and some actions ('assess codebases', 'identifies potential vulnerabilities', 'deviations from requirements'), but lacks specific concrete actions like listing particular checks or outputs. | 2 / 3 |
| Completeness | Clearly answers both what (uses pci-dss-validator plugin to assess codebases/infrastructure for PCI DSS compliance, identifies vulnerabilities) AND when (explicit 'Use this skill when...' clause with specific trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms users would say: 'validate PCI compliance', 'check PCI DSS', 'assess PCI security', 'review PCI standards', plus domain terms like 'cardholder data' and 'security controls'. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focused specifically on PCI DSS compliance validation with distinct triggers; unlikely to conflict with general security or compliance skills due to the specific 'PCI' terminology throughout. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
20%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is descriptive rather than instructive, explaining what the skill does conceptually without providing any executable commands or concrete examples. It lacks the actionable guidance Claude needs to actually invoke the pci-dss-validator plugin, and wastes tokens on explanations of when/why to use the skill rather than how.
Suggestions
Add concrete plugin invocation syntax showing exact commands (e.g., `pci-dss-validator scan --target ./src --output report.json`)
Replace abstract 'The skill will...' examples with actual input/output examples showing command execution and sample report output
Remove the 'Overview', 'When to Use', and 'Best Practices' sections - this context belongs in the YAML description, not the body
Add validation steps showing how to verify the plugin ran successfully and how to interpret/act on specific error codes
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what PCI DSS is, who uses it, general workflow descriptions). Sections like 'How It Works' and 'When to Use This Skill' describe rather than instruct, padding the content unnecessarily. | 1 / 3 |
| Actionability | No concrete commands, code, or executable guidance is provided. The examples describe what the skill 'will do' abstractly but never show actual plugin invocation syntax, command-line usage, or expected output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed in a logical sequence (analyze, run, report), but there are no validation checkpoints, no error handling guidance, and no concrete commands showing how to actually execute each step. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections, but everything is inline with no references to external documentation. The 'Integration' section hints at other tools but provides no links or concrete guidance. | 2 / 3 |
| Total | | 6 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.