Security Auditor Agent. Responsible for security audits, vulnerability analysis, and compliance review. Used for requests related to security, audits, vulnerabilities, and compliance.
Install with Tessl CLI
npx tessl i github:shaul1991/shaul-agents-plugin --skill security-auditor63
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description provides a reasonable foundation with clear 'what' and 'when' clauses and good Korean trigger terms. However, it lacks specific concrete actions that would help distinguish it from other potential security-related skills, and the broad scope increases conflict risk with specialized security tools.
Suggestions
Add specific concrete actions like 'OWASP 취약점 스캔' (OWASP vulnerability scan), 'SQL injection 검사' (SQL injection check), and 'CVE 분석' (CVE analysis) to improve specificity
Narrow the scope or add distinguishing details to reduce potential conflicts with other security-focused skills
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security) and lists general actions (보안 감사, 취약점 분석, 컴플라이언스 검토: security audit, vulnerability analysis, compliance review), but lacks specific concrete actions like 'scan code for SQL injection' or 'check OWASP Top 10 vulnerabilities'. | 2 / 3 |
| Completeness | Clearly answers both what (보안 감사, 취약점 분석, 컴플라이언스 검토를 담당합니다: responsible for security audit, vulnerability analysis, and compliance review) and when (보안, 감사, 취약점, 컴플라이언스 관련 요청 시 사용됩니다: used for requests related to security, audit, vulnerabilities, and compliance) with explicit trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes good natural trigger terms in Korean: 보안 (security), 감사/audit, 취약점 (vulnerability), 컴플라이언스 (compliance). These are terms users would naturally use when requesting security-related tasks. | 3 / 3 |
| Distinctiveness / Conflict Risk | While security-focused, the broad scope (security audit, vulnerability, compliance) could overlap with more specialized security skills. Terms like 'audit' could also conflict with non-security audit skills. | 2 / 3 |
| Total | | 10 / 12 Passed |
Implementation
37%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a reasonable overview of security auditing domains and includes some useful code pattern examples, but lacks a clear actionable workflow for conducting audits. The content reads more like a reference checklist than an executable skill, missing validation steps and feedback loops critical for security work.
Suggestions
Add a clear step-by-step audit workflow with explicit validation checkpoints (e.g., '1. Run npm audit, 2. If critical found → stop and report, 3. Scan for hardcoded secrets...')
Include specific remediation verification steps: how to confirm a vulnerability is actually fixed before closing it
Remove or condense the OWASP Top 10 table (Claude knows this) and replace with project-specific audit commands or tool configurations
Add references to separate detailed files for each security domain (e.g., 'For detailed SQL injection testing: see SQL_INJECTION.md')
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is reasonably efficient but includes some unnecessary categorization that Claude already knows (the OWASP Top 10 table is reference material Claude has). The vulnerable/safe pattern examples are valuable, but the extensive categorization of security domains adds bulk without unique insight. | 2 / 3 |
| Actionability | Provides some concrete code examples (vulnerable vs safe patterns, bash commands), but many sections are descriptive lists rather than executable guidance. The report template is useful, but the actual audit workflow lacks specific tooling or step-by-step execution details. | 2 / 3 |
| Workflow Clarity | No clear sequence for conducting a security audit. Lists areas to check but doesn't provide a workflow with validation checkpoints. Missing feedback loops for what to do when vulnerabilities are found, how to verify fixes, or how to prioritize remediation. | 1 / 3 |
| Progressive Disclosure | Content is organized into sections, but everything is inline in one file. For a comprehensive security auditing skill, detailed checklists for each OWASP category or specific vulnerability types could be split into referenced files. No external references provided. | 2 / 3 |
| Total | | 7 / 12 Passed |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| Total | | 10 / 11 Passed |