acunetix
Acunetix integration. Manage data, records, and automate workflows. Use when the user wants to interact with Acunetix data.
58
67%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/acunetix/SKILL.mdQuality
Discovery
57%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description relies heavily on the product name 'Acunetix' for differentiation but otherwise uses extremely generic language that could describe any integration. It lacks concrete actions specific to Acunetix (e.g., running vulnerability scans, managing scan targets, reviewing security findings) and misses natural trigger terms from the web application security domain.
Suggestions
Replace generic phrases like 'manage data, records, and automate workflows' with specific Acunetix actions such as 'run vulnerability scans, manage scan targets, retrieve scan results, and configure scan profiles'.
Add domain-specific trigger terms users would naturally say, such as 'vulnerability scan', 'web security', 'DAST', 'scan targets', 'security findings', or 'web application scanning'.
Expand the 'Use when' clause with specific scenarios like 'Use when the user mentions Acunetix, vulnerability scanning, web application security testing, or reviewing scan results'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses vague language like 'manage data, records, and automate workflows' without listing any concrete actions specific to Acunetix. These phrases could apply to virtually any integration tool. | 1 / 3 |
Completeness | It does answer both 'what' (manage data, records, automate workflows) and 'when' (when the user wants to interact with Acunetix data) with an explicit 'Use when' clause, even though both parts are vague. | 3 / 3 |
Trigger Term Quality | It includes 'Acunetix' as a key trigger term which is specific and useful, but lacks natural keywords users might say such as 'vulnerability scan', 'web security', 'scan results', 'targets', or 'DAST'. | 2 / 3 |
Distinctiveness Conflict Risk | The mention of 'Acunetix' provides some distinctiveness, but 'manage data, records, and automate workflows' is so generic it could overlap with any other integration skill. Without domain-specific terms like 'vulnerability scanning' or 'web application security', it's not clearly distinguishable. | 2 / 3 |
Total | 8 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable skill with clear executable commands and a well-structured connection workflow with proper state handling and feedback loops. Its main weaknesses are some unnecessary introductory explanation that Claude doesn't need, and a monolithic structure that could benefit from splitting detailed reference material into separate files. The entity overview section feels incomplete as it lists items without linking to actionable content.
Suggestions
Remove the introductory paragraph explaining what Acunetix is — Claude already knows this — and the bare entity list overview that doesn't link to actionable content.
Consider extracting the detailed connection state handling and proxy request documentation into separate reference files, with the SKILL.md providing a concise overview and links.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary explanation (e.g., 'Acunetix is a web application security scanner used to identify vulnerabilities like SQL injection and XSS') that Claude already knows. The overview section listing entities without actionable detail adds little value. However, the CLI commands and workflow steps are reasonably efficient. | 2 / 3 |
Actionability | The skill provides fully executable CLI commands for every step: installation, authentication, connection setup, action discovery, action execution, and proxy requests. Commands are copy-paste ready with clear parameter placeholders and a useful flags reference table. | 3 / 3 |
Workflow Clarity | The multi-step connection workflow is clearly sequenced with explicit state checks (READY, BUILDING, CLIENT_ACTION_REQUIRED, error states) and feedback loops (poll until ready, handle client actions, then proceed). The progression from install → authenticate → connect → discover actions → run actions is logical and well-structured. | 3 / 3 |
Progressive Disclosure | The content is reasonably organized with clear sections, but it's somewhat monolithic — the detailed connection state handling, proxy request documentation, and action discovery could be split into separate reference files. The overview section listing entities (Scans, Targets, Reports, etc.) promises structure but doesn't link to any deeper content. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- membranedev/application-skills
- Commit
f484c82
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.