Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist a...
Install with Tessl CLI
npx tessl i github:sickn33/antigravity-awesome-skills --skill cc-skill-security-review85
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Evaluation — 98%
↑ 1.25x agent success when using this skill
Validation for skill structure
Discovery: 82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has strong trigger term coverage and excellent completeness with an explicit 'Use this skill when...' opening. However, the description appears truncated, limiting full assessment of its specificity. The security focus provides reasonable distinctiveness but some terms could overlap with related development skills.
Suggestions
Ensure the full description is not truncated - complete the 'Provides comprehensive security checklist a...' phrase to fully communicate capabilities
Add more security-specific trigger terms like 'vulnerability', 'OWASP', 'sanitization', or 'encryption' to strengthen distinctiveness from general development skills
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names domain (security) and lists several actions (authentication, handling user input, working with secrets, creating API endpoints, payment features), but the description is truncated and ends with 'Provides comprehensive security checklist a...' which cuts off the full capability list. | 2 / 3 |
| Completeness | Opens with explicit 'Use this skill when...' clause that clearly answers when to use it, and provides the what (security checklist for various scenarios). The trigger guidance is explicit and upfront. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'authentication', 'user input', 'secrets', 'API endpoints', 'payment', 'sensitive features'. These are terms developers naturally use when discussing security concerns. | 3 / 3 |
| Distinctiveness Conflict Risk | While security-focused, terms like 'API endpoints' and 'user input' could overlap with general web development or API skills. The security angle provides some distinction, but 'authentication' and 'secrets' could conflict with auth-specific or secrets management skills. | 2 / 3 |
| Total | | 10 / 12 Passed |
Implementation: 77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive and highly actionable security skill with excellent concrete examples and clear verification checklists. Its main weakness is verbosity - the document could be significantly condensed by splitting detailed implementations into separate files and keeping SKILL.md as a concise overview with references. The content quality is high but token efficiency suffers from the monolithic structure.
Suggestions
Split detailed code examples into separate reference files (e.g., AUTH.md, INPUT_VALIDATION.md, XSS.md) and keep SKILL.md as a concise overview with links to each
Remove explanatory text that Claude already knows (e.g., 'SQL Injection vulnerability' comments) - the ❌/✅ pattern is self-explanatory
Consolidate the verification checklists into a single comprehensive checklist at the end, removing redundant inline checklists
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | While the skill provides valuable security patterns, it's verbose with extensive code examples that could be condensed. Some explanations are unnecessary for Claude (e.g., explaining what SQL injection is), and the document could be more token-efficient by consolidating similar patterns. | 2 / 3 |
| Actionability | Excellent actionability with fully executable TypeScript/SQL code examples, clear ❌/✅ patterns showing what to avoid vs. what to do, and copy-paste ready implementations for each security concern. | 3 / 3 |
| Workflow Clarity | Clear verification checklists after each section provide explicit validation steps. The pre-deployment checklist serves as a comprehensive final validation checkpoint, and the structure guides through each security domain systematically. | 3 / 3 |
| Progressive Disclosure | The document is monolithic at ~400 lines with all content inline. While well-organized with clear sections, the extensive code examples for each security domain could be split into separate reference files (e.g., AUTH.md, INPUT_VALIDATION.md) with SKILL.md serving as an overview. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation: 81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (501 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 Passed |