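Security Pentester Agent. Handles penetration testing, vulnerability scanning, and security testing. Used for requests involving penetration testing (침투테스트, pentest), scanning (스캔, scan), or security testing (보안테스트).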
Install with Tessl CLI
npx tessl i github:shaul1991/shaul-agents-plugin --skill security-pentester
86
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a reasonably well-structured skill description that clearly identifies its security testing domain and provides explicit trigger guidance in both Korean and English. The main weakness is the lack of specific concrete actions - it describes categories of work rather than specific capabilities like 'scan network ports', 'test SQL injection', or 'generate vulnerability reports'.
Suggestions
Add more specific concrete actions such as 'scan network ports, test for SQL injection, identify XSS vulnerabilities, generate security reports' to improve specificity
Consider adding file type triggers if applicable (e.g., '.nmap files', 'security audit reports')
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security/penetration testing) and mentions actions like '침투 테스트, 취약점 스캔, 보안 테스트' (penetration testing, vulnerability scanning, security testing), but lacks specific concrete actions like 'scan ports', 'exploit vulnerabilities', or 'generate security reports'. | 2 / 3 |
| Completeness | Clearly answers both what ('침투 테스트, 취약점 스캔, 보안 테스트를 담당합니다' - handles penetration testing, vulnerability scanning, security testing) and when ('침투테스트(pentest), 스캔(scan), 보안테스트 관련 요청 시 사용됩니다' - use when requests involve pentest, scan, security testing). | 3 / 3 |
| Trigger Term Quality | Includes good natural trigger terms in both Korean and English: 'pentest', 'scan', '침투테스트', '스캔', '보안테스트'. These are terms users would naturally use when requesting security testing. | 3 / 3 |
| Distinctiveness Conflict Risk | Security penetration testing is a clear niche with distinct triggers like 'pentest', 'vulnerability scan', and '침투테스트'. Unlikely to conflict with general coding or document skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
79%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-crafted pentesting skill with excellent actionability through concrete curl examples and useful checklists. The content is appropriately concise for Claude's capabilities. However, it lacks explicit validation workflows for the testing process and could benefit from references to external detailed resources for advanced scenarios.
Suggestions
Add a validation workflow section explaining how to verify findings before reporting (e.g., 'If SQL injection appears successful: 1. Confirm with secondary payload, 2. Document exact response, 3. Only then report')
Consider referencing external files for detailed tool guides (e.g., 'For advanced Burp Suite integration: See [TOOLS.md](TOOLS.md)')
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is lean and efficient, providing direct executable commands without explaining basic concepts like what SQL injection or XSS are. Every section serves a clear purpose with no padding. | 3 / 3 |
| Actionability | Provides fully executable curl commands for each test type, copy-paste ready examples for authentication, input validation, and error handling tests. The checklist format is immediately actionable. | 3 / 3 |
| Workflow Clarity | While test categories are well-organized with checklists, there's no explicit validation workflow or feedback loop for the testing process itself. Missing guidance on what to do when tests fail or how to verify findings before reporting. | 2 / 3 |
| Progressive Disclosure | Content is well-structured with clear sections, but everything is inline in one file. For a comprehensive pentesting skill, advanced techniques, tool-specific guides, or detailed vulnerability databases could be referenced externally. | 2 / 3 |
| Total | 10 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| Total | 10 / 11 Passed | |