Install validated Codex plugins from trusted sources with quarantine validation, provenance, and rollback. Use when distribution and installation are the primary goals.
44%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./Plugins/plugin-factory/fixtures/budget-archive/2026-04-21/deferred-store/skills/infrastructure_ops/plugin-installer/SKILL.md
Quality
Discovery
67%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description adequately communicates its purpose and includes an explicit 'Use when' clause, which is a strength. However, it relies on somewhat jargon-heavy terms ('quarantine validation', 'provenance') that reduce trigger term quality, and the specific capabilities could be more concretely enumerated. The distinctiveness is moderate — it would benefit from sharper differentiation from general plugin or package management skills.
Suggestions
Replace jargon like 'quarantine validation' and 'provenance' with more natural user-facing terms, e.g., 'verify plugin integrity', 'check plugin source/origin', 'sandbox testing before install'.
Expand trigger terms in the 'Use when' clause with natural phrases users might say, e.g., 'Use when the user wants to add, install, deploy, or update Codex plugins, or manage plugin versions and rollbacks.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (Codex plugins) and several actions (install, quarantine validation, provenance, rollback), but these are somewhat abstract — 'quarantine validation' and 'provenance' are not concrete user-facing actions. It doesn't list specific step-by-step capabilities like 'verify plugin signatures, sandbox test before install, maintain version history for rollback.' | 2 / 3 |
| Completeness | Clearly answers both 'what' (install validated Codex plugins with quarantine validation, provenance, and rollback) and 'when' ('Use when distribution and installation are the primary goals'). The 'Use when...' clause is explicit, though it could be more detailed about trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Includes some relevant terms like 'install', 'plugins', 'rollback', and 'distribution', but uses specialized jargon ('quarantine validation', 'provenance') that users are unlikely to naturally say. Missing common variations like 'add plugin', 'plugin setup', 'deploy plugin', or 'uninstall'. | 2 / 3 |
| Distinctiveness Conflict Risk | The description is fairly specific to Codex plugin installation, but terms like 'plugins', 'install', and 'distribution' could overlap with other plugin management or package installation skills. The qualifier 'from trusted sources' and 'quarantine validation' help somewhat, but the niche isn't razor-sharp. | 2 / 3 |
| Total | 9 / 12 Passed | |
Implementation
22%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like an abstract specification or routing document than an actionable guide. It defines boundaries, anti-patterns, and failure modes well, but critically lacks any concrete executable steps, code examples, or input/output schemas in the body itself. The near-total delegation of workflow details to external references (which aren't available) leaves Claude without enough information to actually perform the task from the SKILL.md alone.
Suggestions
Add a concrete, step-by-step workflow summary in the body (even if abbreviated) showing the install sequence: fetch → quarantine → validate → install → verify visibility → record rollback artifacts, with specific commands or code for each step.
Include at least one complete input/output example showing the expected JSON return structure with actual field values, not just field names.
Replace the natural language 'Examples' section with a concrete scenario showing actual commands, file paths, and expected outputs (e.g., a pinned GitHub ref install with the validation output).
Trim abstract framing language ('context-disposition policy', 'OpenAI-style plugin design contract') and replace with direct, actionable instructions or inline the key rules from those contracts.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is moderately efficient but includes some vague, abstract phrasing ('OpenAI-style plugin design contract', 'context-disposition policy') and conceptual framing that doesn't add concrete value. Some sections like 'Philosophy' and parts of 'Execution Boundaries' are padded with abstract language rather than actionable specifics. | 2 / 3 |
| Actionability | The skill lacks any concrete, executable code, commands, or specific examples. The 'Examples' section contains only natural language descriptions of tasks, not actual input/output pairs or executable steps. The workflow delegates entirely to an external file ('references/workflow.md') without providing even a summary of concrete steps. The validation bash command is the only executable snippet. | 1 / 3 |
| Workflow Clarity | The workflow section simply says 'Use the staged install protocol in references/workflow.md' without describing any steps. For a skill involving destructive/write operations (installation, rollback), there are no explicit sequenced steps or validation checkpoints in the body itself. The failure modes and anti-patterns are listed but not integrated into a clear workflow sequence. | 1 / 3 |
| Progressive Disclosure | The skill references multiple external files (workflow.md, contract.yaml, evals.yaml, task-profile.json) with clear signaling, which is good structure. However, no bundle files were provided, so we can't verify these references exist. The body itself is too thin — it delegates almost all substantive content to references, making the SKILL.md feel like a table of contents rather than a useful overview with actionable quick-start content. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata.version' is missing | Warning |
| Total | 10 / 11 Passed | |
4c78f98