
vulnerability-pattern-matcher

Matches code against Project CodeGuard's catalog of known-dangerous patterns — banned C functions, weak crypto primitives, hardcoded credentials, deprecated APIs. Use when grepping for low-hanging security fruit, when enforcing a ban-list in CI, or when the user asks to check for known-bad patterns.

Install with Tessl CLI

npx tessl i github:santosomar/general-secure-coding-agent-skills --skill vulnerability-pattern-matcher

89

Quality: 86% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)


Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description that excels across all dimensions. It provides specific concrete capabilities (banned functions, weak crypto, hardcoded credentials, deprecated APIs), includes natural trigger terms users would actually say, explicitly states when to use it with multiple scenarios, and has a clear distinctive niche around pattern-matching against known-bad security patterns.

Dimension / Reasoning / Score

Specificity (3 / 3): Lists multiple specific concrete actions: 'Matches code against...catalog of known-dangerous patterns' with explicit examples including 'banned C functions, weak crypto primitives, hardcoded credentials, deprecated APIs'.

Completeness (3 / 3): Clearly answers both what ('Matches code against...catalog of known-dangerous patterns') AND when ('Use when grepping for low-hanging security fruit, when enforcing a ban-list in CI, or when the user asks to check for known-bad patterns').

Trigger Term Quality (3 / 3): Includes natural keywords users would say: 'security', 'banned', 'credentials', 'deprecated APIs', 'ban-list', 'CI', 'known-bad patterns', 'grepping'. These cover both technical and conversational terms.

Distinctiveness / Conflict Risk (3 / 3): Clear niche focused on pattern-matching against a specific catalog (Project CodeGuard) for security anti-patterns. The specific mention of 'ban-list', 'known-dangerous patterns', and 'CodeGuard' distinguishes it from general security analysis or code review skills.

Total: 12 / 12

Passed

Implementation

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill excels at conciseness and progressive disclosure, effectively delegating to CodeGuard's catalog while providing a clear dispatch table. However, it lacks concrete executable examples for the matching operations and could benefit from validation steps in the workflow to handle edge cases.

Suggestions

Add concrete grep/regex examples for at least one pattern class (e.g., banned C functions) to make the skill immediately actionable

Include a validation step in the workflow for when CodeGuard rules are inaccessible or when no matches are found

Dimension / Reasoning / Score

Conciseness (3 / 3): Extremely lean content that assumes Claude's competence. No unnecessary explanations of what grep, AST matching, or security patterns are. Every line serves a purpose.

Actionability (2 / 3): Provides a clear dispatch table and workflow steps, but lacks concrete code examples for the grep/AST-match operations. No executable commands or copy-paste ready patterns shown.

Workflow Clarity (2 / 3): Three-step workflow is clear and sequenced, but lacks validation checkpoints. No guidance on what to do if patterns aren't found or if the CodeGuard rules are unavailable.

Progressive Disclosure (3 / 3): Appropriately structured with clear delegation to external CodeGuard rules. The dispatch table provides excellent navigation to specific rule references without nesting.

Total: 10 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.
