aikido-security
Aikido Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Aikido Security data.
61
52%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/aikido-security/SKILL.mdQuality
Discovery
40%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description follows a template pattern that names the integration but fails to explain what Aikido Security actually does or what specific actions are available. The vague 'manage data, records, and automate workflows' language provides no meaningful information about the skill's capabilities. While it includes a 'Use when' clause, the trigger is too generic to help Claude distinguish when this skill is appropriate.
Suggestions
Replace generic 'manage data, records, and automate workflows' with specific Aikido Security capabilities (e.g., 'View security vulnerabilities, manage findings, track remediation status').
Add natural trigger terms users would say when needing security scanning, such as 'vulnerabilities', 'security issues', 'code scanning', 'SAST', 'dependency vulnerabilities'.
Expand the 'Use when' clause with specific scenarios like 'Use when the user asks about security vulnerabilities, wants to review scan results, or needs to manage security findings'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses vague language like 'Manage data, records, and automate workflows' without specifying concrete actions. It doesn't explain what specific capabilities exist (e.g., scan vulnerabilities, review security findings, manage issues). | 1 / 3 |
Completeness | Has a 'Use when...' clause which addresses the 'when' question, but the 'what' is extremely vague ('manage data, records, and automate workflows' could apply to almost any integration). The trigger guidance is also generic ('interact with Aikido Security data'). | 2 / 3 |
Trigger Term Quality | Includes 'Aikido Security' as a specific product name which is a good trigger term, but lacks natural variations users might say like 'security scan', 'vulnerabilities', 'security issues', or 'code security'. | 2 / 3 |
Distinctiveness Conflict Risk | The specific product name 'Aikido Security' provides some distinctiveness, but 'manage data, records, and automate workflows' is boilerplate language that could apply to dozens of integrations, creating potential overlap. | 2 / 3 |
Total | 7 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides solid actionable CLI commands for Aikido Security integration via Membrane, with good coverage of connection setup, action discovery, and proxy requests. However, it wastes tokens on unnecessary platform description, lacks error handling/validation guidance, and the entity overview section is too sparse to be useful.
Suggestions
Remove or drastically shorten the opening paragraph explaining what Aikido Security is - Claude doesn't need this context
Add error handling guidance: what to do if connection fails, if actions return errors, or if authentication expires
Either expand the entity overview section with actionable details or remove it entirely - the current bullet list provides no useful guidance
Add a validation step after connection creation to confirm it succeeded before proceeding to actions
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The opening paragraph explaining what Aikido Security is wastes tokens on context Claude doesn't need. The CLI setup and authentication sections are reasonably efficient, but the overview section with bullet points adds little value. | 2 / 3 |
Actionability | Provides fully executable CLI commands throughout with clear syntax examples. Commands are copy-paste ready with proper flags and JSON output options. The proxy request section includes a useful options table. | 3 / 3 |
Workflow Clarity | Steps are listed for connection setup and action discovery, but lacks validation checkpoints. No guidance on error handling or what to do if commands fail. The workflow for checking existing connections vs creating new ones could be clearer. | 2 / 3 |
Progressive Disclosure | Content is reasonably organized with clear sections, but everything is inline in one file. The entity overview section (Finding, Repository, User) is cryptic and unhelpful. Could benefit from linking to separate reference docs for the proxy options table. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- membranedev/application-skills
- Commit
d19a82b
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.