Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
65
58% (Does it follow best practices?)
Impact: Pending (No eval scenarios have been run)
Passed (No known issues)
Optimize this skill with Tessl: npx tessl skill review --optimize ./skills/007/SKILL.md

Quality

Discovery: 82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and trigger term coverage across the security domain, listing concrete methodologies and frameworks. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill. The security-focused terminology makes it highly distinctive and unlikely to conflict with other skills.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about security vulnerabilities, penetration testing, threat analysis, compliance checks, or securing code and infrastructure.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific, concrete actions: security audit, hardening, threat modeling with named frameworks (STRIDE/PASTA), Red/Blue Team exercises, OWASP checks, code review, incident response, and infrastructure security. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' with a comprehensive list of security capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the domain terms. Per rubric guidelines, a missing 'Use when' caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'security audit', 'threat modeling', 'OWASP', 'code review', 'incident response', 'Red/Blue Team', 'STRIDE', 'PASTA', 'hardening', 'infrastructure security'. These cover a wide range of security-related queries. | 3 / 3 |
| Distinctiveness / Conflict Risk | The security-specific terminology (STRIDE, PASTA, OWASP, Red/Blue Team, incident response) creates a clear niche that is unlikely to conflict with non-security skills. The combination of these specialized terms makes it highly distinctive. | 3 / 3 |
| Total | | 11 / 12 (Passed) |
Implementation: 35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is extremely comprehensive in scope but suffers from severe verbosity — it's essentially an entire security handbook inlined into a single SKILL.md. Much of the content (STRIDE definitions, PASTA stages, general security checklists, incident response procedures) is knowledge Claude already possesses and doesn't need to be spelled out. The truncated Phase 3 checklist and hardcoded Windows paths to a specific user's machine further reduce quality.
Suggestions
Reduce the main SKILL.md to ~100 lines covering the 6-phase workflow overview, scoring system summary, and quick command reference — move all playbooks, detailed checklists, STRIDE/PASTA explanations, and defense categories into the referenced files that already exist in references/.
Remove explanations of concepts Claude already knows (STRIDE threat definitions, what PASTA stages mean, general security principles like 'validate all inputs') and replace with only project-specific conventions or non-obvious patterns.
Fix the truncated Phase 3 checklist (cuts off at 'Au') and replace hardcoded paths (C:\Users\renat\skills\007\scripts\) with relative paths or variables.
Add explicit validation gates between the 6 phases (e.g., 'Phase 1 is complete when the surface map JSON is generated and reviewed; do not proceed to Phase 2 without it').
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at 400+ lines. Contains large amounts of content Claude already knows (STRIDE definitions, what PASTA stages are, general security concepts). The checklist items, attacker personas, defense categories, and playbooks are largely common security knowledge that does not need to be spelled out in full. Hardcoded Windows file paths (C:\Users\renat\...) add clutter. | 1 / 3 |
| Actionability | References specific scripts with concrete commands (e.g., quick_scan.py, threat_modeler.py), which is good, but the scripts themselves are not provided or verified to exist. The checklists and playbooks provide structured guidance but are largely generic security knowledge rather than project-specific executable instructions. The response format template is helpful, but it is a template, not executable code. | 2 / 3 |
| Workflow Clarity | The 6-phase analysis process is clearly sequenced with a visual flow diagram, and each phase is described. However, there are no explicit validation checkpoints between phases: the skill says '007 nunca pula fases' ('007 never skips phases') but does not define what constitutes completion of a phase or how to verify it before proceeding. The checklist in Phase 3 appears truncated (cuts off mid-sentence at 'Au'), indicating incomplete content. | 2 / 3 |
| Progressive Disclosure | References to external files are well-organized (a references/ directory with clear descriptions), which is good progressive disclosure. However, the main SKILL.md itself is monolithic: the playbooks, full checklists, STRIDE/PASTA details, and scoring system could all live in separate referenced files instead of inline. The content that belongs in reference files is duplicated in the main body. | 2 / 3 |
| Total | | 7 / 12 (Passed) |
Validation: 81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation: 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (656 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 Passed |