
agent-v3-security-architect

Agent skill for v3-security-architect - invoke with $agent-v3-security-architect

Install with Tessl CLI

npx tessl i github:ruvnet/claude-flow --skill agent-v3-security-architect

50

1.36x

Does it follow best practices?

Evaluation: 93%

1.36x

Agent success when using this skill

Validation for skill structure


Discovery

0%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is severely deficient across all dimensions. It functions only as an invocation reference rather than a functional description, providing no information about capabilities, use cases, or trigger scenarios. Claude would have no basis for selecting this skill appropriately.

Suggestions

Add specific security architecture actions (e.g., 'Reviews system designs for security vulnerabilities, creates threat models, recommends authentication patterns')

Include a 'Use when...' clause with natural trigger terms like 'security review', 'threat model', 'authentication design', 'security architecture'

Remove or relocate the invocation syntax ('invoke with $agent-v3-security-architect') as it doesn't help with skill selection

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description contains no concrete actions whatsoever. 'Agent skill for v3-security-architect' is completely abstract and does not describe what the skill actually does. | 1 / 3 |
| Completeness | Missing both 'what does this do' and 'when should Claude use it'. The description only provides invocation syntax without explaining capabilities or use cases. | 1 / 3 |
| Trigger Term Quality | No natural keywords users would say. 'v3-security-architect' is technical jargon/internal naming, and 'invoke with $agent-v3-security-architect' is a command syntax, not a trigger term. | 1 / 3 |
| Distinctiveness Conflict Risk | While the specific agent name is unique, the description provides no context about what security architecture tasks it handles, making it impossible to distinguish from other security-related skills. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Implementation

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a reasonable security architecture overview with some concrete code patterns, but functions more as a planning document than an actionable skill. It describes what needs to be done rather than providing executable guidance for how to do it. The CVE remediation sections list issues and actions but lack the specific implementation code Claude would need to execute fixes.

Suggestions

Add executable code snippets for each CVE fix (e.g., the actual bcrypt implementation, the dependency update command) rather than just describing the action

Include explicit validation steps after each security fix (e.g., 'Run npm audit to verify CVE-1 is resolved', 'Test password hashing with: ...')

Move the detailed secure patterns catalog to a separate SECURE-PATTERNS.md file and reference it, keeping SKILL.md as a concise overview

Replace the deliverables checklist with a sequenced workflow that includes verification commands at each step

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is reasonably efficient but includes some unnecessary structure like the ASCII diagram and verbose section headers. The hook scripts add bulk that could be trimmed, and some explanatory text (e.g., 'Complete Security Overhaul & Threat Modeling Specialist') is padding. | 2 / 3 |
| Actionability | Provides concrete code examples for secure patterns (Zod validation, path sanitization, execFile), but the CVE fixes are described at a high level without executable remediation code. The deliverables are checklists rather than actionable steps Claude can execute. | 2 / 3 |
| Workflow Clarity | Lists phases and timelines but lacks explicit validation checkpoints or feedback loops. For security-critical operations like CVE remediation, there's no 'validate -> fix -> verify' workflow. Steps are organized but not sequenced with verification gates. | 2 / 3 |
| Progressive Disclosure | Content is structured with clear sections, but everything is inline in one file. References to deliverable documents (SECURITY-ARCHITECTURE.md, etc.) are mentioned as outputs to create, not as existing references to navigate to. Could benefit from splitting detailed patterns into separate files. | 2 / 3 |
| Total | | 8 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.
