Executive CISO Agent. Responsible for security policy, risk management, and compliance.
Install with Tessl CLI
npx tessl i github:shaul1991/shaul-agents-plugin --skill executive-ciso
Quality
23%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/executive-ciso/SKILL.md
Discovery
32%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear security leadership domain but remains too high-level and abstract. It lacks concrete actions, explicit trigger conditions, and sufficient keyword coverage. The absence of a 'Use when...' clause significantly limits Claude's ability to correctly select this skill from a large skill library.
Suggestions
- Add a 'Use when...' clause with explicit triggers like 'Use when the user asks about security policies, compliance audits, risk assessments, ISMS, or CISO-level security decisions'
- Replace abstract categories with concrete actions such as 'Reviews security policies, conducts risk assessments, evaluates compliance status against frameworks (ISO 27001, SOC2, GDPR)'
- Include both Korean and English trigger terms to improve keyword coverage: 'security audit, 보안 감사, compliance review, 컴플라이언스 점검, risk assessment, 위험 평가'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security) and lists three general areas: '보안 정책, 리스크 관리, 컴플라이언스' (security policy, risk management, compliance). However, these are broad categories rather than concrete actions like 'audit security configurations' or 'generate compliance reports'. | 2 / 3 |
| Completeness | Only describes 'what' at a high level (handles security policy, risk management, compliance) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. | 1 / 3 |
| Trigger Term Quality | Includes relevant Korean terms for security policy, risk management, and compliance which users might mention. However, it is missing common variations, English equivalents, and specific trigger phrases like 'security audit', 'GDPR', 'SOC2', or 'vulnerability assessment'. | 2 / 3 |
| Distinctiveness Conflict Risk | The 'CISO' role and security focus provide some distinctiveness, but broad terms like 'risk management' and 'compliance' could overlap with other governance, legal, or audit-related skills. | 2 / 3 |
| Total | | 7 / 12 Passed |
Implementation
14%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is essentially a placeholder that defines a role without providing any actionable guidance. It lists responsibilities and trigger keywords but fails to instruct Claude on how to actually perform CISO duties such as creating security policies, conducting risk assessments, or managing compliance. The skill needs substantial content to be useful.
Suggestions
- Add concrete templates or examples for security policy documents, risk assessment frameworks, or compliance checklists that Claude can use or adapt
- Define step-by-step workflows for key CISO tasks (e.g., 'To create a security policy: 1. Assess current state... 2. Identify gaps... 3. Draft policy using template...')
- Include references to supporting files like policy templates, compliance frameworks (ISO 27001, SOC2, etc.), or risk assessment matrices
- Provide specific output formats and validation criteria for deliverables (e.g., what a complete security policy document should contain)
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is brief and doesn't over-explain concepts Claude knows, but it's so sparse that it lacks substance rather than being efficiently dense with useful information. | 2 / 3 |
| Actionability | The skill provides only vague role descriptions and bullet points with no concrete guidance, commands, templates, or executable examples for how to actually perform CISO tasks. | 1 / 3 |
| Workflow Clarity | No workflows, processes, or steps are defined. The skill lists responsibilities but provides no sequence for how to approach security policy creation, risk assessment, or compliance tasks. | 1 / 3 |
| Progressive Disclosure | The content is a flat list with no structure for discovery. It mentions an output location but provides no references to detailed guides, templates, or supporting documentation. | 1 / 3 |
| Total | | 5 / 12 Passed |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| Total | 10 / 11 Passed | |