
audit-skills

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

46

Quality: 33% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/audit-skills/SKILL.md

Quality

Discovery

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong in specificity and distinctiveness, clearly defining a narrow security auditing niche for AI Skills and Bundles with concrete actions and platform coverage. However, it lacks an explicit 'Use when...' clause, which caps completeness, and the trigger terms lean toward technical jargon rather than natural user language. Adding explicit trigger guidance and more user-facing keywords would significantly improve skill selection accuracy.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks to review, scan, or check a skill or bundle for security issues, safety, or trustworthiness.'

Include more natural user-facing trigger terms such as 'scan for threats', 'check if safe', 'security review', 'vulnerability check', or 'is this skill safe to install'.

Dimension, score and reasoning:

Specificity (3 / 3): Lists multiple specific concrete actions: 'non-intrusive static analysis', 'identify malicious patterns', 'data leaks', 'system stability risks', 'obfuscated payloads'. Also specifies the target domain (AI Skills and Bundles) and platforms (Windows, macOS, Linux/Unix, Mobile).

Completeness (2 / 3): Clearly answers 'what does this do' (performs static analysis to identify various security risks), but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the nature of the skill.

Trigger Term Quality (2 / 3): Contains relevant technical keywords like 'security audit', 'static analysis', 'malicious patterns', 'data leaks', 'obfuscated payloads', but misses common user-facing trigger terms like 'scan', 'review for safety', 'check if safe', 'vulnerability', or 'threat detection'. Users might not naturally say 'obfuscated payloads' when requesting a security review.

Distinctiveness Conflict Risk (3 / 3): Highly distinctive niche: security auditing specifically for 'AI Skills and Bundles' with a focus on static analysis of malicious patterns. This is unlikely to conflict with general code review or other security-related skills due to its narrow, well-defined scope.

Total: 10 / 12 (Passed)

Implementation

0%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a threat taxonomy reference document than an actionable skill. It exhaustively lists security patterns to look for but fails to provide concrete procedures, executable analysis steps, output formats, or decision frameworks. The content is verbose, repeats itself, and buries any useful guidance under walls of categorized command lists that would be better served as a separate reference file.

Suggestions

Replace the vague 3-step workflow with a concrete, sequenced audit procedure including specific file-by-file analysis steps, a scoring rubric with clear criteria, and an explicit output report template/format.

Move the extensive threat pattern catalog (sections 1-9) into a separate THREAT_PATTERNS.md reference file and keep only a concise summary in the main skill.

Add a concrete example showing an actual skill snippet being audited with the expected security report output, including specific findings, severity ratings, and the final score.

Remove redundant content: the overview is repeated in Step 1, the 'When to Use' section restates the overview, and the examples provide no actionable detail beyond restating the skill's purpose.

Dimension, score and reasoning:

Conciseness (1 / 3): The skill is extremely verbose, repeating the overview description multiple times, explaining concepts Claude already knows (what sudo, chmod, curl do), and padding with exhaustive lists of commands that serve as reference material rather than actionable guidance. The 'When to Use' section restates the overview, and many sections contain unnecessary elaboration.

Actionability (1 / 3): Despite listing many threat patterns, the skill provides no concrete, executable steps for performing an audit. The examples are just vague prompts ('Perform a security audit on this skill bundle') with no expected output format, no actual code for scanning, and no specific procedure to follow. It describes what to look for but not how to actually do it.

Workflow Clarity (1 / 3): The three 'steps' (Static Analysis, Platform-Specific Threat Detection, Reporting) are vague labels without clear sequencing, validation checkpoints, or feedback loops. Step 1 just restates the overview. Step 3 mentions generating a report but provides no template or format. There's no guidance on what to do when threats are found or how to prioritize findings.

Progressive Disclosure (1 / 3): The skill is a monolithic wall of text with all threat categories inlined rather than organized into separate reference files. The extensive platform-specific threat catalogs (sections 1-9) should be in a separate reference document, with the main skill providing a concise overview and workflow. The reference to CATALOG.md is unexplained.

Total: 4 / 12 (Passed)

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

Criteria, result and description:

frontmatter_unknown_keys (Warning): Unknown frontmatter key(s) found; consider removing or moving to metadata

Total: 10 / 11 (Passed)

Repository: sickn33/antigravity-awesome-skills (Reviewed)
