Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl:
`npx tessl skill review --optimize ./plugins/antigravity-awesome-skills-claude/skills/007/SKILL.md`

Quality
Discovery
82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and trigger term coverage across the security domain. It names concrete methodologies and activities that would naturally match user queries about security. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill.
Suggestions
Add a 'Use when...' clause, e.g., 'Use when the user asks about security vulnerabilities, penetration testing, threat analysis, compliance checks, or securing code and infrastructure.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: security audit, hardening, threat modeling with named frameworks (STRIDE/PASTA), Red/Blue Team exercises, OWASP checks, code review, incident response, and infrastructure security. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' with a comprehensive list of security capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the domain terms. Per rubric guidelines, missing 'Use when' caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'security audit', 'threat modeling', 'OWASP', 'code review', 'incident response', 'Red/Blue Team', 'STRIDE', 'PASTA', 'hardening', 'infrastructure security'. These cover a wide range of security-related queries. | 3 / 3 |
| Distinctiveness / Conflict Risk | The security domain focus with specific frameworks (STRIDE, PASTA, OWASP) and activities (Red/Blue Team, incident response) creates a clear niche that is unlikely to conflict with non-security skills. The breadth within security is appropriate for a single security skill. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is an ambitious, comprehensive security audit skill that suffers from extreme verbosity and poor content distribution. The 6-phase workflow and structured output format show good design thinking, but the skill dumps everything into a single massive file rather than leveraging the referenced documents. Hardcoded Windows paths, missing bundle files, and extensive explanation of concepts Claude already understands significantly reduce its effectiveness.
Suggestions
Reduce the main SKILL.md to ~100 lines by moving playbooks, detailed checklists, STRIDE/PASTA explanations, and scoring details into the referenced files (references/*.md) and actually include those bundle files.
Remove hardcoded Windows paths (C:\Users\renat\...) and use relative paths from the skill directory instead.
Add explicit validation checkpoints between the 6 phases (e.g., 'Phase 1 complete when: surface map JSON generated and reviewed') to improve workflow clarity.
Cut explanatory content Claude already knows (what STRIDE acronym means, what trust boundaries are, what PII is) and focus only on project-specific conventions and decision rules.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at 400+ lines. Explains concepts Claude already knows (what STRIDE stands for, and similarly basic explanations of other security concepts). Contains massive checklists, full playbook templates, and extensive tables that could be in reference files. The 'When to Use' and 'Do Not Use' sections are boilerplate. Hardcoded Windows file paths (C:\Users\renat\...) add noise. Much content repeats across sections (e.g., scoring mentioned multiple times, scripts listed twice). | 1 / 3 |
| Actionability | References specific scripts with concrete commands (e.g., `python scripts/quick_scan.py --target <caminho>`), provides structured output templates, and includes detailed checklists. However, no bundle files are provided, so none of the referenced scripts actually exist, making the commands non-executable. The playbooks are structured but are templates rather than executable code. The checklist items are actionable guidance but lack concrete code examples for fixes. | 2 / 3 |
| Workflow Clarity | The 6-phase analysis process is clearly sequenced with a visual flow diagram, and each phase is well-defined. However, there are no explicit validation checkpoints between phases: the skill says '007 nunca pula fases' ('007 never skips phases') but doesn't define what constitutes completion of each phase or how to verify before proceeding. For destructive/batch security operations, there are no feedback loops for error recovery within the workflow itself. | 2 / 3 |
| Progressive Disclosure | References 10+ reference files in a dedicated References section, which is good structure. However, no bundle files are provided, so none of these references actually exist. The main SKILL.md is monolithic: the full playbooks, complete checklists, STRIDE/PASTA details, and scoring system are all inline when they should be in the referenced files. The content that supposedly lives in references/ is duplicated in the main file. | 2 / 3 |
| Total | | 7 / 12 Passed |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (656 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 Passed |
0839f85