security-auditor

Security Auditor Agent. 보안 감사, 취약점 분석, 컴플라이언스 검토를 담당합니다. 보안, 감사(audit), 취약점, 컴플라이언스 관련 요청 시 사용됩니다.

Quality

59%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./skills/security-auditor/SKILL.md

Quality

Content

37%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a reasonable overview of security auditing domains and includes some useful code pattern examples, but lacks a clear actionable workflow for conducting audits. The content reads more like a reference checklist than an executable skill, missing validation steps and feedback loops critical for security work.

Suggestions

Add a clear step-by-step audit workflow with explicit validation checkpoints (e.g., '1. Run npm audit, 2. If critical found → stop and report, 3. Scan for hardcoded secrets...')

Include specific remediation verification steps - how to confirm a vulnerability is actually fixed before closing

Remove or condense the OWASP Top 10 table (Claude knows this) and replace with project-specific audit commands or tool configurations

Add references to separate detailed files for each security domain (e.g., 'For detailed SQL injection testing: see SQL_INJECTION.md')

Dimension	Reasoning	Score
Conciseness	The content is reasonably efficient but includes some unnecessary categorization that Claude already knows (OWASP Top 10 table is reference material Claude has). The vulnerable/safe pattern examples are valuable, but the extensive categorization of security domains adds bulk without unique insight.	2 / 3
Actionability	Provides some concrete code examples (vulnerable vs safe patterns, bash commands), but many sections are descriptive lists rather than executable guidance. The report template is useful but the actual audit workflow lacks specific tooling or step-by-step execution details.	2 / 3
Workflow Clarity	No clear sequence for conducting a security audit. Lists areas to check but doesn't provide a workflow with validation checkpoints. Missing feedback loops for what to do when vulnerabilities are found, how to verify fixes, or how to prioritize remediation.	1 / 3
Progressive Disclosure	Content is organized into sections but everything is inline in one file. For a comprehensive security auditing skill, detailed checklists for each OWASP category or specific vulnerability types could be split into referenced files. No external references provided.	2 / 3
	Total	7 / 12 Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description provides a reasonable foundation with clear 'what' and 'when' clauses and good Korean trigger terms. However, it lacks specific concrete actions that would help distinguish it from other potential security-related skills, and the broad scope increases conflict risk with specialized security tools.

Suggestions

Add specific concrete actions like 'OWASP 취약점 스캔', 'SQL injection 검사', 'CVE 분석' to improve specificity

Narrow the scope or add distinguishing details to reduce potential conflicts with other security-focused skills

Dimension	Reasoning	Score
Specificity	Names the domain (security) and lists general actions (보안 감사, 취약점 분석, 컴플라이언스 검토 - security audit, vulnerability analysis, compliance review), but lacks specific concrete actions like 'scan code for SQL injection' or 'check OWASP Top 10 vulnerabilities'.	2 / 3
Completeness	Clearly answers both what (보안 감사, 취약점 분석, 컴플라이언스 검토를 담당합니다) and when (보안, 감사, 취약점, 컴플라이언스 관련 요청 시 사용됩니다) with explicit trigger guidance.	3 / 3
Trigger Term Quality	Includes good natural trigger terms in Korean: 보안 (security), 감사/audit, 취약점 (vulnerability), 컴플라이언스 (compliance). These are terms users would naturally use when requesting security-related tasks.	3 / 3
Distinctiveness Conflict Risk	While security-focused, the broad scope (security audit, vulnerability, compliance) could overlap with more specialized security skills. Terms like 'audit' could also conflict with non-security audit skills.	2 / 3
	Total	10 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning

	Total	10 / 11 Passed

Repository: shaul1991/shaul-agents-plugin
Commit: 9242c58

Reviewed: 4 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.