vulnerability-report-generator
Vulnerability Report Generator - Auto-activating skill for Security Advanced. Triggers on: vulnerability report generator, vulnerability report generator Part of the Security Advanced skill category.
36
Quality
3%
Does it follow best practices?
Impact
100%
1.01xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/vulnerability-report-generator/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that provides almost no useful information for skill selection. It repeats the skill name as trigger terms, describes no concrete capabilities, and offers no guidance on when to use it. The description appears auto-generated and fails to communicate what the skill actually does.
Suggestions
Add specific capabilities: describe what the skill does (e.g., 'Scans codebases for security vulnerabilities, identifies CVEs, and generates detailed remediation reports with severity ratings')
Add a 'Use when...' clause with natural trigger terms like 'security scan', 'find vulnerabilities', 'CVE check', 'security audit', 'penetration test report'
Remove the duplicate trigger term and replace with varied natural language users would actually say when needing this skill
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Vulnerability Report Generator') without describing any concrete actions. There are no specific capabilities listed like 'scans code', 'identifies CVEs', or 'generates remediation steps'. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' line just repeats the skill name rather than providing meaningful trigger scenarios. | 1 / 3 |
Trigger Term Quality | The trigger terms are just the skill name repeated twice ('vulnerability report generator, vulnerability report generator'). No natural user language variations like 'security scan', 'find vulnerabilities', 'CVE report', or 'security audit' are included. | 1 / 3 |
Distinctiveness Conflict Risk | While 'vulnerability report' is somewhat specific to security domain, the lack of detail about what kind of vulnerabilities (code, infrastructure, dependencies) or what the reports contain means it could overlap with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a placeholder with no actionable content. It describes what a vulnerability report generator skill should do but provides zero concrete guidance, templates, code, or workflows. Claude would gain nothing from this skill that it doesn't already know.
Suggestions
Add a concrete vulnerability report template with sections (Executive Summary, Findings, Risk Ratings, Remediation) and example content for each
Include a step-by-step workflow: 1. Gather findings, 2. Classify severity (with CVSS or similar), 3. Structure report, 4. Validate completeness
Provide executable code or commands for common tasks like parsing scan outputs, generating markdown/PDF reports, or integrating with tools like Nessus/Burp
Remove all generic boilerplate ('provides automated assistance', 'follows best practices') and replace with specific, actionable instructions
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing specific. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler that waste tokens without adding value. | 1 / 3 |
Actionability | No concrete code, commands, examples, or specific guidance is provided. The skill describes what it claims to do but never shows how to actually generate a vulnerability report - no templates, formats, or executable steps. | 1 / 3 |
Workflow Clarity | There is no workflow defined at all. For a vulnerability report generator, there should be clear steps for gathering findings, structuring the report, severity classification, and output formatting - none of which are present. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of vague descriptions with no references to detailed materials, templates, or examples. There's no structure that would help Claude navigate to more specific information. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
994edc4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.