pt-scanning
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
68
51%
Does it follow best practices?
Impact
100%
1.36xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/pt-scanning/SKILL.mdQuality
Discovery
67%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description has a solid structure with an explicit 'Use when' clause that clearly separates what the skill does from when to use it. However, it operates at a fairly abstract level, naming categories of scanning methods rather than specific tools or actions, and its trigger terms lean toward professional security jargon rather than the natural language users would employ when requesting security assessments.
Suggestions
Add specific concrete actions such as 'run port scans, enumerate services, check for known CVEs, fuzz web endpoints, analyze source code for vulnerabilities'
Include more natural user trigger terms like 'pentest', 'port scan', 'nmap', 'CVE', 'OWASP', 'web app security', 'attack surface' to improve keyword coverage
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | It names the domain (security scanning) and mentions methods (static, dynamic, vulnerability-focused), but doesn't list specific concrete actions like 'run nmap scans, fuzz endpoints, check CVE databases'. The actions are described at a category level rather than listing discrete operations. | 2 / 3 |
Completeness | Clearly answers both 'what' (performs authorized security scanning using static, dynamic, and vulnerability-focused methods) and 'when' (Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation). The 'Use when' clause is explicit with specific trigger scenarios. | 3 / 3 |
Trigger Term Quality | Includes some relevant terms like 'security scanning', 'vulnerability', 'exposed services', but misses many natural user terms like 'pentest', 'port scan', 'nmap', 'CVE', 'exploit', 'OWASP', 'web app security', '.nse scripts'. The language leans more toward professional jargon than what a user would naturally type. | 2 / 3 |
Distinctiveness Conflict Risk | The security scanning niche is reasonably distinct, but 'static analysis' could overlap with code quality/linting skills, and 'profiling application behavior' could overlap with performance profiling or monitoring skills. The description could be more precise about the security-specific nature of each method to reduce conflict risk. | 2 / 3 |
Total | 9 / 12 Passed |
Implementation
35%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a high-level methodology checklist than an actionable skill for Claude. Its main weakness is the complete absence of concrete tools, commands, or executable examples—Claude is told to 'run discovery and service profiling' but never shown how. The workflow structure is decent but lacks validation checkpoints between phases, and the output template is a useful addition though it inflates the document.
Suggestions
Add concrete tool commands and examples (e.g., specific nmap scan flags, nuclei commands, nikto invocations) for each workflow step to make the skill actionable rather than abstract.
Insert explicit validation checkpoints between workflow steps, such as 'Verify scan completed without errors and coverage matches scope before proceeding to vulnerability scanning.'
Consider splitting the output template into a separate referenced file (e.g., SCAN_REPORT_TEMPLATE.md) to keep the main skill lean and improve progressive disclosure.
Specify default conservative scan settings (e.g., rate limits, timing templates) so Claude has concrete fallback parameters when aggressiveness is unknown.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is reasonably efficient and doesn't over-explain basic concepts, but some sections like 'Objectives' restate what's implicit in the workflow. The output template, while useful, adds bulk that could be more compact. | 2 / 3 |
Actionability | The skill provides no concrete commands, tool names, code snippets, or executable examples. It describes what to do at a high level ('Host/port/service enumeration with safe rate limits') without specifying how—no nmap commands, no nuclei templates, no specific tool invocations. This is abstract guidance rather than actionable instruction. | 1 / 3 |
Workflow Clarity | Steps are listed in a logical sequence and the workflow is segmented by phase, but there are no explicit validation checkpoints or feedback loops between steps. For a multi-step process involving potentially destructive scanning operations, the lack of 'verify before proceeding' gates is a notable gap. | 2 / 3 |
Progressive Disclosure | The content has reasonable section structure (workflow, output template, quality checks), but everything is inline in a single file with no references to supplementary materials. The output template could be a separate file, and tool-specific guidance could be linked rather than absent. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- santosomar/ethical-hacking-agent-skills
- Commit
9976e81
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.