pt-scanning
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
87
80%
Does it follow best practices?
Impact
100%
1.36xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/pt-scanning/SKILL.mdQuality
Discovery
75%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has good structure with an explicit 'Use when...' clause and covers a distinct security scanning niche. However, it relies on somewhat abstract terminology rather than concrete actions and misses common user trigger terms like 'pentest', 'security audit', or 'CVE scan'. The description would benefit from more specific actions and natural language keywords.
Suggestions
Add common user trigger terms like 'pentest', 'penetration testing', 'security audit', 'port scan', 'CVE', 'OWASP' to improve discoverability
Replace abstract phrases with concrete actions like 'run port scans with nmap', 'test for SQL injection', 'check for known CVEs', 'analyze network traffic'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (security scanning) and mentions methods (static, dynamic, vulnerability-focused), but the specific actions are somewhat abstract - 'mapping exposed services', 'profiling application behavior', and 'identifying known weaknesses' are categories rather than concrete tool-level actions like 'run nmap scans' or 'execute SQL injection tests'. | 2 / 3 |
Completeness | Clearly answers both what (performs security scanning using static, dynamic, and vulnerability-focused methods) and when (Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation). Has explicit 'Use when...' clause with trigger scenarios. | 3 / 3 |
Trigger Term Quality | Includes some relevant terms like 'security scanning', 'vulnerability', and 'exposed services', but misses common user phrases like 'pentest', 'pen testing', 'security audit', 'CVE', 'port scan', 'OWASP', or 'exploit'. Users might not naturally say 'profiling application behavior'. | 2 / 3 |
Distinctiveness Conflict Risk | Security scanning is a clear niche that wouldn't overlap with general coding, document processing, or other common skills. The combination of 'authorized security scanning', 'vulnerability', and 'exposed services' creates a distinct profile unlikely to conflict with other skills. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
85%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise skill that clearly defines the pen testing scanning workflow with appropriate safety constraints and output expectations. The main weakness is the lack of concrete, executable examples—the guidance describes what to do conceptually but doesn't provide specific tool commands or code that Claude could directly execute.
Suggestions
Add concrete tool examples for each scan type (e.g., 'nmap -sV -sC --top-ports 1000 -T3 target' for service enumeration, specific nuclei/nikto commands for vulnerability scanning)
Include a brief example of a completed finding entry in the output template to clarify expected detail level
Add specific rate-limit values or flags for 'conservative settings' to make the safety guidance actionable
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, assuming Claude understands security concepts without explaining what CVEs, ports, or vulnerability scanning are. Every section serves a purpose with no padding. | 3 / 3 |
Actionability | Provides clear workflow steps and output templates, but lacks concrete executable commands or tool-specific examples. Steps like 'Host/port/service enumeration' describe what to do without showing how (e.g., specific nmap commands or tool invocations). | 2 / 3 |
Workflow Clarity | Clear 5-step workflow with logical sequencing from preparation through triage. Includes validation checkpoints (quality checks section) and explicit handoff criteria. The false positive queue creates a feedback loop for verification. | 3 / 3 |
Progressive Disclosure | For a skill of this size (~60 lines), the content is well-organized with clear sections. No external references are needed given the scope, and the structure (objectives → workflow → template → checks) enables easy navigation. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- santosomar/ethical-hacking-agent-skills
- Commit
a8ff73a
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.