Agent skill for security-manager - invoke with $agent-security-manager
31
0%
Does it follow best practices?
Impact
82%
1.54x
Average score across 3 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agents/skills/agent-security-manager/SKILL.md
Quality
Discovery
0%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an extremely weak description that provides virtually no useful information for skill selection. It only names the skill and its invocation command without describing any capabilities, use cases, or trigger conditions. It fails on every dimension of the rubric.
Suggestions
- Add specific concrete actions the skill performs, e.g., 'Scans code for vulnerabilities, manages access permissions, audits security configurations, reviews dependency risks.'
- Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about security vulnerabilities, access control, permission management, CVEs, or security audits.'
- Replace the invocation instruction ('invoke with $agent-security-manager') with functional description content — invocation syntax is not useful for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions whatsoever. 'Agent skill for security-manager' is entirely vague and does not describe what the skill actually does. | 1 / 3 |
| Completeness | Neither 'what does this do' nor 'when should Claude use it' is answered. The description only states it's an agent skill and how to invoke it, providing no functional or contextual information. | 1 / 3 |
| Trigger Term Quality | The only keyword is 'security-manager', which is a tool name rather than a natural term a user would say. There are no natural language trigger terms like 'vulnerability', 'security audit', 'permissions', etc. | 1 / 3 |
| Distinctiveness Conflict Risk | The description is so generic that 'security-manager' could overlap with any security-related skill. There are no distinct triggers or specific capabilities to differentiate it. | 1 / 3 |
| Total | 4 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an extremely verbose, non-actionable collection of pseudocode class definitions that describe security concepts Claude already understands. It provides no executable code, no clear workflow for Claude to follow, and no practical instructions for actually implementing or invoking security operations. The content reads more like an architectural design document than a skill that teaches Claude how to perform specific tasks.
Suggestions
- Replace pseudocode class definitions with a concise workflow: what specific steps should Claude take when asked to implement security for a consensus protocol, with concrete executable examples.
- Remove explanations of concepts Claude already knows (cryptographic primitives, attack types) and focus only on project-specific conventions, tool invocations, or unique implementation details.
- Add clear step-by-step workflows with validation checkpoints, e.g., '1. Generate keys using X command, 2. Verify with Y, 3. If verification fails, do Z'.
- Split detailed reference material (attack detection patterns, key management protocols) into separate files and keep SKILL.md as a concise overview with navigation links.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at ~500+ lines of code. Most of the code is illustrative pseudocode-style JavaScript with placeholder methods (e.g., `this.generateSecureRandom()`, `this.curve.multiply()`) that aren't executable. Claude already understands cryptographic concepts, attack types, and key management patterns—this explains rather than instructs. | 1 / 3 |
| Actionability | Despite the volume of code, none of it is executable. Classes reference undefined dependencies (EllipticCurve, BehaviorAnalyzer, ReputationSystem, etc.), methods call unimplemented functions, and there are no concrete commands or steps Claude can actually follow. This is architectural pseudocode, not actionable guidance. | 1 / 3 |
| Workflow Clarity | There is no clear workflow or sequence of steps for Claude to follow. The content presents class definitions and method signatures but never tells Claude what to do, in what order, or how to validate results. No validation checkpoints or error recovery flows are defined as operational steps. | 1 / 3 |
| Progressive Disclosure | The entire content is a monolithic wall of code with no references to external files, no clear navigation structure, and no separation between overview and detailed content. Everything is dumped inline with no hierarchy or signposting for different use cases. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (627 lines); consider splitting into references/ and linking | Warning |
| Total | 10 / 11 Passed | |
f547cec