Agent skill for security-manager - invoke with $agent-security-manager
Install with Tessl CLI
npx tessl i github:ruvnet/claude-flow --skill agent-security-manager
40
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Evaluation — 82%
↑ 1.54x Agent success when using this skill
Discovery
0%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is critically deficient across all dimensions. It provides only an invocation command without explaining what the skill does, when to use it, or what problems it solves. This would be nearly impossible for Claude to correctly select from a pool of available skills.
Suggestions
- Add specific concrete actions the skill performs (e.g., 'Manages user permissions, audits access logs, configures firewall rules, scans for vulnerabilities')
- Include a 'Use when...' clause with natural trigger terms users would say (e.g., 'Use when the user asks about security settings, access permissions, vulnerability scanning, or authentication issues')
- Remove the invocation syntax from the description and replace with functional content that explains the skill's purpose and capabilities
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions whatsoever. 'Agent skill for security-manager' is completely abstract and does not describe what the skill actually does. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. It only provides invocation syntax ('invoke with $agent-security-manager') without any functional description or usage guidance. | 1 / 3 |
| Trigger Term Quality | The only potential trigger term is 'security-manager' which is technical jargon, not a natural phrase users would say. No natural keywords like 'security', 'permissions', 'access control', etc. are included. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'security-manager' is vague and could overlap with many security-related skills. Without specific capabilities listed, there's no way to distinguish this from other security tools. | 1 / 3 |
| Total | 4 / 12 Passed | |
Implementation
27%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is excessively verbose, presenting hundreds of lines of illustrative but incomplete code that explains security concepts Claude already understands. It lacks the structure expected of a skill file - no progressive disclosure, no external references, and no clear validation workflows. The content would be better suited as reference documentation split across multiple files with SKILL.md serving as a concise overview.
Suggestions
- Reduce SKILL.md to a concise overview (under 100 lines) with quick-start examples and links to separate reference files (e.g., THRESHOLD_SIGNATURES.md, ATTACK_DETECTION.md, KEY_MANAGEMENT.md)
- Make code examples complete and executable - either provide full working implementations or use pseudocode with clear 'adapt to your implementation' notes
- Add explicit validation checkpoints to security workflows, especially for key generation and rotation (e.g., 'Verify all participants acknowledged before proceeding')
- Remove explanatory content about what attacks are (Byzantine, Sybil, etc.) - Claude knows these concepts; focus only on this system's specific detection/mitigation patterns
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at 500+ lines with extensive code that explains concepts Claude already knows (cryptography basics, attack types). Much of this could be condensed to key patterns and references to external documentation. | 1 / 3 |
| Actionability | Contains concrete JavaScript code examples, but they are incomplete implementations (missing helper methods, undefined classes like EllipticCurve, BehaviorAnalyzer). Code is illustrative rather than truly executable copy-paste ready. | 2 / 3 |
| Workflow Clarity | Multi-step processes like DKG have numbered phases, but lack explicit validation checkpoints and error recovery steps. No clear 'if this fails, do that' guidance for security-critical operations. | 2 / 3 |
| Progressive Disclosure | Monolithic wall of code with no references to external files. All content is inline despite being far too long for a SKILL.md overview. No navigation structure or links to separate reference materials. | 1 / 3 |
| Total | 6 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (627 lines); consider splitting into references/ and linking | Warning |
| Total | 10 / 11 Passed | |