CtrlK
CommunityDocumentationLog inGet started
Tessl Logo

waf-rule-creator

Waf Rule Creator - Auto-activating skill for Security Advanced. Triggers on: waf rule creator, waf rule creator Part of the Security Advanced skill category.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill waf-rule-creator
What are skills?

Overall
score

19%

Review4%

Does it follow best practices?

Validation11 / 16 Passed

Validation for skill structure

SKILL.md
Review
Evals

Activation

7%

This description is essentially a placeholder that provides almost no useful information for skill selection. It only states the skill name and category without explaining what the skill actually does, what actions it can perform, or when Claude should select it. The repeated trigger term suggests auto-generated content without human refinement.

Suggestions

Add specific capabilities: describe concrete actions like 'Creates WAF rules for AWS/Cloudflare/Azure, configures IP blocking, sets up rate limiting, defines custom rule conditions'

Add a 'Use when...' clause with natural trigger terms: 'Use when the user needs to create firewall rules, block malicious traffic, configure web application firewall policies, or protect web applications from attacks'

Include platform-specific keywords users might mention: 'AWS WAF', 'Cloudflare firewall', 'ModSecurity', 'OWASP rules', 'SQL injection protection'

DimensionReasoningScore

Specificity

The description only names the skill ('Waf Rule Creator') without describing any concrete actions. There are no specific capabilities listed like 'create firewall rules', 'block IP addresses', or 'configure rate limiting'.

1 / 3

Completeness

The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' section just repeats the skill name rather than describing use cases.

1 / 3

Trigger Term Quality

The only trigger terms listed are 'waf rule creator' repeated twice, which is the skill name itself. Missing natural user terms like 'firewall', 'block traffic', 'security rules', 'web application firewall', or 'rate limit'.

1 / 3

Distinctiveness Conflict Risk

While 'WAF' is a specific domain (Web Application Firewall), the lack of detail about what kind of WAF rules or platforms (AWS WAF, Cloudflare, etc.) could cause overlap with other security-related skills.

2 / 3

Total

5

/

12

Passed

Implementation

0%

This skill is essentially a placeholder with no substantive content. It describes what a WAF rule creator skill should do without providing any actual guidance on creating WAF rules. There are no code examples, no rule syntax, no platform-specific instructions (AWS WAF, Cloudflare, ModSecurity, etc.), and no actionable information whatsoever.

Suggestions

Add concrete WAF rule examples for at least one platform (e.g., AWS WAF JSON rules, ModSecurity rules, or Cloudflare expressions) with executable, copy-paste ready syntax

Define a clear workflow: identify threat -> write rule -> test rule -> validate no false positives -> deploy, with specific validation steps

Remove all generic boilerplate ('provides automated assistance', 'follows best practices') and replace with actual rule patterns for common attacks (SQLi, XSS, path traversal)

Add references to platform-specific documentation or separate files for different WAF platforms if covering multiple

DimensionReasoningScore

Conciseness

The content is padded with generic boilerplate that provides no actual value. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler that Claude doesn't need.

1 / 3

Actionability

There is zero concrete guidance on how to actually create WAF rules. No code examples, no rule syntax, no specific commands or configurations - just vague descriptions of what the skill supposedly does.

1 / 3

Workflow Clarity

No workflow is defined at all. The skill claims to provide 'step-by-step guidance' but contains no actual steps, no validation checkpoints, and no process for creating WAF rules.

1 / 3

Progressive Disclosure

The content is a monolithic block of generic text with no structure pointing to detailed materials. No references to specific WAF platforms, rule syntax documentation, or examples files.

1 / 3

Total

4

/

12

Passed

Validation

69%

Validation11 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

description_trigger_hint

Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...')

Warning

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

metadata_version

'metadata' field is not a dictionary

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

body_steps

No step-by-step structure detected (no ordered list); consider adding a simple workflow

Warning

Total

11

/

16

Passed

Reviewed

Table of Contents

ActivationImplementationValidation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill