Recommends the specific code change to remediate a detected vulnerability by dispatching on CWE to the matching Project CodeGuard rule's prescribed fix pattern. Use after a finding has been confirmed and located, when the user asks how to fix a vulnerability, or when generating remediation PRs.
Install with Tessl CLI
npx tessl i github:santosomar/general-secure-coding-agent-skills --skill patch-advisor94
Quality
92%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It clearly specifies the concrete action (recommending code changes based on CWE patterns), includes natural trigger terms users would use, explicitly states when to use it with multiple trigger scenarios, and carves out a distinct niche that won't conflict with other security or code-related skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists specific concrete actions: 'Recommends the specific code change to remediate a detected vulnerability', 'dispatching on CWE', 'matching Project CodeGuard rule's prescribed fix pattern'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both what ('Recommends the specific code change to remediate a detected vulnerability by dispatching on CWE') AND when ('Use after a finding has been confirmed and located, when the user asks how to fix a vulnerability, or when generating remediation PRs'). | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'fix a vulnerability', 'remediation PRs', 'CWE', 'code change', 'finding'. These cover both technical terms (CWE) and natural language ('how to fix'). | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive with a specific niche: focuses on CWE-based vulnerability remediation using 'Project CodeGuard rule's prescribed fix pattern'. The combination of CWE dispatch, vulnerability remediation, and specific tooling makes it unlikely to conflict with general code review or security scanning skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured dispatch/lookup skill that efficiently maps CWEs to CodeGuard remediation rules. Its strength is extreme conciseness and clear organization. The main limitation is that actionability depends entirely on the external CodeGuard rules - this skill provides the routing but not the actual executable fix code.
Suggestions
Consider adding one concrete before→after code example inline to demonstrate the expected output format, even if full patterns live in CodeGuard rules
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely lean and efficient. No unnecessary explanations of what CWEs are or how vulnerabilities work. Every line serves the lookup/dispatch purpose. | 3 / 3 |
| Actionability | Provides a clear dispatch table and workflow, but the actual fix patterns are delegated to external CodeGuard rules rather than providing executable code examples directly. The skill is a lookup table pointing elsewhere. | 2 / 3 |
| Workflow Clarity | Clear 4-step workflow with explicit sequence: lookup CWE, extract pattern, emit diff with verification, fallback handling. The process is unambiguous for this dispatch-style skill. | 3 / 3 |
| Progressive Disclosure | Excellent structure with clear upstream reference, well-organized dispatch table, and appropriate delegation to CodeGuard rules. One-level-deep references are clearly signaled. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.