burp-suite-testing
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp ...
Install with Tessl CLI
npx tessl i github:sickn33/antigravity-awesome-skills --skill burp-suite-testing79
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillAgent success when using this skill
Validation for skill structure
Discovery
72%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description has strong trigger term coverage with natural phrases security testers would use, and occupies a clear niche around Burp Suite/web security testing. However, the description appears truncated and focuses primarily on 'when to use' without clearly articulating the full range of capabilities (the 'what'). The structure inverts the typical pattern by leading with triggers rather than capabilities.
Suggestions
Add explicit capability statements before the trigger clause, e.g., 'Configures Burp Suite proxy settings, captures and modifies HTTP/HTTPS requests, identifies web vulnerabilities, and generates security reports.'
Ensure the description is complete and not truncated - the current version ends with '...' suggesting missing content
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (HTTP traffic, web requests, Burp Suite) and some actions (intercept, modify, scanning, testing), but the description appears truncated and doesn't provide a comprehensive list of concrete actions like 'extract text, fill forms, merge documents' would. | 2 / 3 |
Completeness | The description starts with 'This skill should be used when...' which addresses the 'when' aspect, but the description is truncated and we cannot confirm it fully explains 'what' the skill does beyond the trigger scenarios. The 'what' capabilities are only implied through the trigger terms. | 2 / 3 |
Trigger Term Quality | Includes strong natural trigger terms users would actually say: 'intercept HTTP traffic', 'modify web requests', 'use Burp Suite', 'web vulnerability scanning', 'test with Burp'. These are phrases security testers would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Very specific niche targeting Burp Suite and web security testing. The explicit mention of 'Burp Suite', 'HTTP traffic interception', and 'web vulnerability scanning' creates clear, distinct triggers unlikely to conflict with other skills. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable skill with excellent workflow clarity and concrete examples. The main weaknesses are its length (could be more concise by removing explanatory content Claude already knows) and the monolithic structure that would benefit from progressive disclosure to separate reference files. The security testing guidance is practical and immediately usable.
Suggestions
Move the 'Common Testing Payloads' and 'Troubleshooting' sections to separate reference files (e.g., PAYLOADS.md, TROUBLESHOOTING.md) and link to them from the main skill
Remove explanatory content like 'Scope Benefits' bullet points and the verbose Purpose section - Claude understands why scope limiting is useful
Condense the 'Editions Comparison' table into a single line note: 'Note: Scanner and full Intruder require Professional Edition'
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably efficient but includes some unnecessary explanations (e.g., 'Scope Benefits' section explains obvious concepts, the Purpose section restates what Burp Suite does). Some tables and sections could be tightened. | 2 / 3 |
Actionability | Provides concrete, executable guidance throughout with specific UI navigation paths, actual HTTP request examples, real payloads, and step-by-step instructions that are immediately actionable. | 3 / 3 |
Workflow Clarity | Clear six-phase workflow with explicit sequencing. Each phase has numbered steps, and the workflow includes validation checkpoints (e.g., 'Review response in right panel', 'Analyze Results' sections). Troubleshooting section provides error recovery guidance. | 3 / 3 |
Progressive Disclosure | Content is well-organized with clear sections and headers, but it's a monolithic document (~300 lines) that could benefit from splitting detailed content (payloads, troubleshooting, examples) into separate reference files. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.