
agent-security-manager

Agent skill for security-manager - invoke with $agent-security-manager

45

1.54x
Quality

Does it follow best practices?

Impact: 82%, 1.54x. Average score across 3 eval scenarios.

Security by Snyk

Advisory

Suggest reviewing before use


Quality

Content

42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content provides substantive, domain-relevant code across threshold cryptography, attack detection, and key management, but it is a monolithic, non-executable code dump lacking workflow checkpoints and any progressive disclosure structure. It should be split into reference files with a concise overview and made executable.

Suggestions

Move the large class implementations into reference files (e.g. references/threshold-signatures.md, references/attack-detection.md) and keep SKILL.md a concise overview with one-level-deep links.

Either provide executable, dependency-resolved code or explicitly label stubbed helpers (generateSecretPolynomial, EllipticCurve, etc.) and note how to implement them.

Add explicit validation checkpoints and feedback loops for risky operations such as key rotation and backup recovery (verify -> on failure fix -> retry).

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The body is a dense ~600-line dump of full class implementations; while it is code rather than concept-explanation fluff, the sheer volume and inline commentary could be tightened, so it is mostly efficient but padded rather than lean. | 2 / 3 |
| Actionability | The code looks concrete but is not executable as written, relying on many undefined helpers (e.g. generateSecretPolynomial, EllipticCurve, BehaviorAnalyzer, this.curve methods), which matches the pseudocode/incomplete anchor rather than copy-paste-ready level. | 2 / 3 |
| Workflow Clarity | Content is organized by component sections but presents no sequenced multi-step workflow with validation checkpoints, and there are no validate-then-fix feedback loops despite destructive/batch operations like key rotation, so it is structured but checkpoint-deficient. | 2 / 3 |
| Progressive Disclosure | The entire skill is a monolithic inline wall of code with no bundle files (references/, scripts/, assets/ absent) and no one-level-deep references, matching the monolithic/poor-organization anchor. | 1 / 3 |
| Total | | 7 / 12 |

Passed

Description

0%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is a minimal meta-stub that names the skill but conveys no concrete capabilities, natural trigger terms, or usage guidance, making it unlikely to be selected appropriately. It needs to be rewritten to state specific actions and explicit "Use when..." conditions.

Suggestions

Replace the meta phrasing with concrete actions, e.g. "Detects Byzantine, Sybil, and Eclipse attacks, manages threshold signatures and distributed key rotation for consensus protocols."

Add an explicit "Use when..." trigger clause listing natural terms users would say (e.g. consensus security, Byzantine fault detection, threshold signatures, key rotation).

Make the skill distinguishable by naming its niche (distributed consensus protocol security) so it does not collide with generic security skills.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description "Agent skill for security-manager - invoke with $agent-security-manager" names only the domain and offers no concrete actions, matching the vague/abstract anchor ("Helps with documents") rather than the multi-action level. | 1 / 3 |
| Completeness | It neither states concretely what the skill does nor provides any "Use when..." trigger, so both the what and the when are weak or missing; it is not a 2 because there is no clear "what" action list. | 1 / 3 |
| Trigger Term Quality | It contains only meta/invocation jargon ("invoke with $agent-security-manager") and no natural keywords a user would say when they need this skill, matching the no-natural-keywords anchor. | 1 / 3 |
| Distinctiveness Conflict Risk | The generic "security-manager" label with no distinct triggers would overlap with many other security-related skills, matching the very-generic/conflict-prone anchor. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 15 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (627 lines); consider splitting into references/ and linking | Warning |
| Total | | 15 / 16 |

Passed

Repository: ruvnet/claude-flow (Reviewed)
