CtrlK
BlogDocsLog inGet started
Tessl Logo

dependabot-tooling-downgrade

Use a validated tooling downgrade when Dependabot flags an unpatchable transitive vulnerability in build-only dependencies.

71

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is a well-organized, actionable instruction set with a clear sequenced workflow and explicit validation. Its main weakness is time-sensitive version/date detail embedded inline rather than isolated in a deprecated/old-patterns section.

Suggestions

Move the 2026-04-26 revalidation and exact version-range specifics into a clearly labeled 'Prior validation history' or 'Deprecated paths' subsection so the core guidance stays evergreen.

Add a brief explicit error-recovery loop (e.g., 'if `npm run package` fails after the downgrade, revert the version bump and re-audit') to make the validation feedback loop fully explicit.

DimensionReasoningScore

Conciseness

The body is lean with no padding or explanation of concepts Claude already knows, but it embeds time-sensitive specifics (the 2026-04-26 revalidation date and exact version ranges like @vscode/vsce ^3.7.1 to ^2.25.0) outside any 'old patterns'/'deprecated' section, which the rubric penalizes, matching the score-2 anchor rather than 3.

2 / 3

Actionability

As an instruction-only skill it gives concrete, specific guidance ("Validate the exact release command ... not just `npm install` or `npm audit`", "refresh the lockfile", "verify the packaging path") with named commands, matching the actionable top anchor per the code-vs-instruction scoring note.

3 / 3

Workflow Clarity

Patterns are a clearly numbered 1-5 sequence with an explicit validation checkpoint (step 4: validate the exact release command) and pre-change confirmation (step 1), so the validation-required cap does not apply and it matches the score-3 anchor.

3 / 3

Progressive Disclosure

The skill is under 50 lines, needs no external bundle files, and is organized into well-signaled sections (Context, Patterns, Examples, Anti-Patterns), meeting the simple-skill score-3 criterion.

3 / 3

Total

11

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is concise, uses third-person/imperative voice, and clearly answers both what the skill does and when to use it with a distinct, low-conflict trigger. Its only gap is that it names a single action rather than enumerating multiple concrete capabilities.

Suggestions

Enumerate one or two more concrete actions (e.g., 'downgrade the tool, refresh the lockfile, and verify the packaging command') to lift specificity to the top anchor.

DimensionReasoningScore

Specificity

It names the domain and one concrete action ("Use a validated tooling downgrade") plus the trigger ("Dependabot flags an unpatchable transitive vulnerability"), but lists only a single action rather than multiple specific concrete actions, matching the score-2 anchor.

2 / 3

Completeness

It explicitly answers both what ("Use a validated tooling downgrade") and when ("when Dependabot flags an unpatchable transitive vulnerability in build-only dependencies"), satisfying the score-3 anchor with an explicit trigger clause.

3 / 3

Trigger Term Quality

"Dependabot flags an unpatchable transitive vulnerability" uses the natural terms a user would say (Dependabot, vulnerability) with good coverage for this domain, matching the score-3 anchor.

3 / 3

Distinctiveness Conflict Risk

The niche is highly specific (Dependabot downgrade for unpatchable transitive vulnerabilities in build-only dependencies), giving it distinct triggers unlikely to conflict with other skills, matching the score-3 anchor.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
sbroenne/mcp-server-excel
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.