pt-scanning

Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.

1.36x

Quality

51%

Does it follow best practices?

Impact

100%

1.36x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./skills/pt-scanning/SKILL.md

Quality

Content

35%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a high-level methodology checklist than an actionable skill for Claude. Its main weakness is the complete absence of concrete tools, commands, or executable examples—Claude is told to 'run discovery and service profiling' but never shown how. The workflow structure is decent but lacks validation checkpoints between phases, and the output template is a useful addition though it inflates the document.

Suggestions

Add concrete tool commands and examples (e.g., specific nmap scan flags, nuclei commands, nikto invocations) for each workflow step to make the skill actionable rather than abstract.

Insert explicit validation checkpoints between workflow steps, such as 'Verify scan completed without errors and coverage matches scope before proceeding to vulnerability scanning.'

Consider splitting the output template into a separate referenced file (e.g., SCAN_REPORT_TEMPLATE.md) to keep the main skill lean and improve progressive disclosure.

Specify default conservative scan settings (e.g., rate limits, timing templates) so Claude has concrete fallback parameters when aggressiveness is unknown.

Dimension	Reasoning	Score
Conciseness	The content is reasonably efficient and doesn't over-explain basic concepts, but some sections like 'Objectives' restate what's implicit in the workflow. The output template, while useful, adds bulk that could be more compact.	2 / 3
Actionability	The skill provides no concrete commands, tool names, code snippets, or executable examples. It describes what to do at a high level ('Host/port/service enumeration with safe rate limits') without specifying how—no nmap commands, no nuclei templates, no specific tool invocations. This is abstract guidance rather than actionable instruction.	1 / 3
Workflow Clarity	Steps are listed in a logical sequence and the workflow is segmented by phase, but there are no explicit validation checkpoints or feedback loops between steps. For a multi-step process involving potentially destructive scanning operations, the lack of 'verify before proceeding' gates is a notable gap.	2 / 3
Progressive Disclosure	The content has reasonable section structure (workflow, output template, quality checks), but everything is inline in a single file with no references to supplementary materials. The output template could be a separate file, and tool-specific guidance could be linked rather than absent.	2 / 3
	Total	7 / 12 Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description has a solid structure with an explicit 'Use when' clause that clearly separates what the skill does from when to use it. However, it operates at a fairly abstract level, naming categories of scanning methods rather than specific tools or actions, and its trigger terms lean toward professional security jargon rather than the natural language users would employ when requesting security assessments.

Suggestions

Add specific concrete actions such as 'run port scans, enumerate services, check for known CVEs, fuzz web endpoints, analyze source code for vulnerabilities'

Include more natural user trigger terms like 'pentest', 'port scan', 'nmap', 'CVE', 'OWASP', 'web app security', 'attack surface' to improve keyword coverage

Dimension	Reasoning	Score
Specificity	It names the domain (security scanning) and mentions methods (static, dynamic, vulnerability-focused), but doesn't list specific concrete actions like 'run nmap scans, fuzz endpoints, check CVE databases'. The actions are described at a category level rather than listing discrete operations.	2 / 3
Completeness	Clearly answers both 'what' (performs authorized security scanning using static, dynamic, and vulnerability-focused methods) and 'when' (Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation). The 'Use when' clause is explicit with specific trigger scenarios.	3 / 3
Trigger Term Quality	Includes some relevant terms like 'security scanning', 'vulnerability', 'exposed services', but misses many natural user terms like 'pentest', 'port scan', 'nmap', 'CVE', 'exploit', 'OWASP', 'web app security', '.nse scripts'. The language leans more toward professional jargon than what a user would naturally type.	2 / 3
Distinctiveness Conflict Risk	The security scanning niche is reasonably distinct, but 'static analysis' could overlap with code quality/linting skills, and 'profiling application behavior' could overlap with performance profiling or monitoring skills. The description could be more precise about the security-specific nature of each method to reduce conflict risk.	2 / 3
	Total	9 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: santosomar/ethical-hacking-agent-skills
Commit: 9976e81

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.