vulnerability-report-generator
Vulnerability Report Generator - Auto-activating skill for Security Advanced. Triggers on: vulnerability report generator, vulnerability report generator Part of the Security Advanced skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill vulnerability-report-generatorOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is essentially a placeholder that provides almost no useful information for skill selection. It repeats the skill name as trigger terms, describes no concrete capabilities, and offers no guidance on when to use it. The description would be nearly useless in a multi-skill environment where Claude needs to distinguish between options.
Suggestions
Add specific capabilities: describe what the skill actually does (e.g., 'Scans codebases for security vulnerabilities, identifies CVEs, assesses severity levels, and generates detailed remediation reports')
Replace duplicate trigger terms with natural user phrases like 'security scan', 'find vulnerabilities', 'CVE report', 'security audit', 'penetration test results'
Add an explicit 'Use when...' clause describing trigger scenarios (e.g., 'Use when the user needs to analyze code for security issues, generate vulnerability assessments, or create security compliance reports')
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Vulnerability Report Generator') without describing any concrete actions. There are no specific capabilities listed like 'scans code', 'identifies CVEs', or 'generates remediation steps'. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' line just repeats the skill name rather than providing meaningful trigger scenarios. | 1 / 3 |
Trigger Term Quality | The trigger terms are just the skill name repeated twice ('vulnerability report generator, vulnerability report generator'). No natural user keywords like 'security scan', 'CVE', 'security audit', 'find vulnerabilities', or 'penetration test' are included. | 1 / 3 |
Distinctiveness Conflict Risk | While 'vulnerability report' is somewhat specific to security domain, the lack of detail about what kind of vulnerabilities (code, infrastructure, web) or what the reports contain makes it potentially overlap with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill content is essentially a placeholder with no actionable information. It describes what a vulnerability report generator skill should do but provides absolutely no concrete guidance, code, templates, or workflows for actually generating vulnerability reports. The content would be useless for Claude attempting to help with this task.
Suggestions
Add a concrete vulnerability report template with sections (Executive Summary, Findings, Risk Ratings, Remediation) and example content
Include executable code or commands for common vulnerability scanning tools (nmap, nikto, etc.) and how to parse their output
Define a clear workflow: 1) Gather scan results 2) Classify findings by severity 3) Generate report sections 4) Validate completeness
Add example input (raw scan data) and expected output (formatted report section) to make the skill actionable
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual value. Phrases like 'provides automated assistance' and 'follows industry best practices' are vague filler that Claude doesn't need. | 1 / 3 |
Actionability | There is zero concrete guidance - no code, no commands, no specific steps, no examples of actual vulnerability report formats or generation processes. The content only describes what the skill claims to do without showing how. | 1 / 3 |
Workflow Clarity | No workflow is defined at all. For a vulnerability report generator, there should be clear steps for scanning, analyzing, formatting findings, and generating reports. None of this is present. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of marketing-style text with no structure for actual use. No references to detailed documentation, templates, or examples are provided. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.