security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
Install with Tessl CLI
npx tessl i github:sickn33/antigravity-awesome-skills --skill security-reviewOverall
score
83%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has strong completeness with an explicit 'Use this skill when...' clause and good trigger term coverage for security-related tasks. However, it lacks specificity about concrete actions (what exactly does the checklist cover? what patterns are provided?) and could potentially conflict with general API or authentication skills.
Suggestions
Add specific concrete actions like 'validates input sanitization, reviews authentication flows, checks for SQL injection vulnerabilities, audits secret management'
Differentiate from general API/auth skills by emphasizing the security audit/review aspect more explicitly
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (security) and lists several areas (authentication, user input, secrets, API endpoints, payment features), but lacks concrete actions - 'Provides comprehensive security checklist and patterns' is vague about what specific actions are performed. | 2 / 3 |
Completeness | Explicitly answers both what ('Provides comprehensive security checklist and patterns') and when ('Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features'). | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms users would say: 'authentication', 'user input', 'secrets', 'API endpoints', 'payment', 'sensitive features' are all terms developers naturally use when discussing security concerns. | 3 / 3 |
Distinctiveness Conflict Risk | While security-focused, terms like 'API endpoints' and 'user input' could overlap with general web development or API skills. The security niche is clear but boundaries with adjacent skills could be sharper. | 2 / 3 |
Total | 10 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable security skill with excellent executable code examples and clear verification checklists. The main weakness is its length - at 400+ lines it could benefit from splitting detailed sections into separate reference files. Some explanatory text could be trimmed since Claude understands security concepts.
Suggestions
Split detailed sections (blockchain security, rate limiting, dependency management) into separate reference files linked from a concise overview
Remove explanatory phrases like 'Security is not optional' and concept explanations - focus purely on the actionable patterns and checklists
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is comprehensive but includes some unnecessary explanations Claude would know (e.g., explaining what SQL injection is, basic concepts). The code examples are valuable but some sections could be tightened. | 2 / 3 |
Actionability | Excellent executable code examples throughout - TypeScript validation schemas, SQL policies, rate limiting configs, and security tests are all copy-paste ready with real implementations. | 3 / 3 |
Workflow Clarity | Clear verification checklists after each section with explicit checkboxes, a comprehensive pre-deployment checklist, and security testing examples that demonstrate validation workflows. | 3 / 3 |
Progressive Disclosure | The content is well-organized with clear sections, but it's a monolithic 400+ line file. Topics like blockchain security, rate limiting, and dependency management could be split into separate reference files with links from the main skill. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.