
audit-skills

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

39

Quality

37%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/audit-skills/SKILL.md

Quality

Discovery

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong in specificity and distinctiveness, clearly defining a unique niche of security auditing for AI Skills and Bundles with concrete actions listed. However, it lacks an explicit 'Use when...' clause which caps completeness, and the trigger terms lean toward technical jargon rather than natural user language like 'is this skill safe' or 'check this bundle for malware'.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks to review, scan, or verify the safety of a skill or bundle, or when checking for malware, vulnerabilities, or suspicious code.'

Include more natural user-facing trigger terms such as 'scan', 'is this safe', 'check for malware', 'review skill safety', 'vulnerability check', 'trust', alongside the existing technical terms.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'non-intrusive static analysis', 'identify malicious patterns', 'data leaks', 'system stability risks', 'obfuscated payloads'. Also specifies the target domain ('AI Skills and Bundles') and platforms covered. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' (performs static analysis to identify security issues), but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the nature of the skill. | 2 / 3 |
| Trigger Term Quality | Includes some relevant terms like 'security audit', 'malicious patterns', 'data leaks', 'static analysis', but misses common user-facing trigger terms like 'scan', 'vulnerability', 'safe', 'trust', 'review skill', or 'check for malware'. The terms lean more technical/formal than what users would naturally say. | 2 / 3 |
| Distinctiveness Conflict Risk | Very distinct niche: security auditing specifically for 'AI Skills and Bundles' is a narrow, well-defined domain unlikely to conflict with other skills. The combination of security analysis + AI skills/bundles is highly specific. | 3 / 3 |
| Total | | 10 / 12 |

Passed

Implementation

7%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads as a descriptive overview of security audit concepts rather than an actionable guide for Claude. It catalogs threat patterns extensively but provides no concrete methodology, tools, commands, scoring rubric, or output format for actually performing an audit. The content is verbose, listing well-known security concepts that Claude already understands, while failing to provide the specific, executable guidance needed to make the skill useful.

Suggestions

Replace the vague examples with concrete input/output pairs showing an actual skill file being analyzed and the expected security report format (including the 0-10 scoring rubric with clear criteria).

Add an executable workflow with specific steps: e.g., 1) Read all files in bundle, 2) Run pattern matching against threat signatures, 3) Cross-reference with CATALOG.md, 4) Generate structured report — with a concrete report template.

Move the detailed threat pattern catalog (sections 1-9) into a separate THREATS.md reference file and keep only a concise summary in SKILL.md.

Remove boilerplate sections (When to Use, Common Pitfalls, Limitations) and explanatory text that describes what Claude already knows — focus on the specific patterns, scoring criteria, and output format unique to this skill.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is highly verbose and padded with information Claude already knows. It explains what static analysis is, lists well-known commands (curl, wget, sudo, chmod) with obvious risk descriptions, and includes boilerplate sections like 'When to Use This Skill', 'Common Pitfalls', and 'Limitations' that add little actionable value. The threat detection catalog reads like a textbook rather than a concise reference. | 1 / 3 |
| Actionability | The skill provides no concrete, executable guidance. There are no actual commands to run, no code snippets for performing the audit, no specific tool invocations, and no structured output format. The 'Examples' section shows only vague user prompts with no expected outputs. It describes what to look for but never shows how to actually perform the analysis. | 1 / 3 |
| Workflow Clarity | The three 'steps' (Static Analysis, Platform-Specific Threat Detection, Reporting) are vague labels without actionable sequences. There are no validation checkpoints, no feedback loops, no concrete process for how to actually conduct the audit. Step 3 mentions generating a report with a score but provides no scoring criteria or report template. | 1 / 3 |
| Progressive Disclosure | The content has some structural organization with headers and sub-sections, and the threat categories are logically grouped. However, the massive inline threat catalog (sections 1-9) should be in a separate reference file, and there are no bundle files to support progressive disclosure. The reference to CATALOG.md is unexplained. | 2 / 3 |
| Total | | 5 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 |

Passed

Repository
sickn33/antigravity-awesome-skills
Reviewed
