
ai-inventory

Generate and analyze AI Bill of Materials (AIBOM) for Python projects using AI/ML components. Identifies AI models, datasets, tools, and frameworks for security and compliance tracking. Use this skill when:

- User asks to scan for AI components
- User wants to know what AI models a project uses
- User mentions "AI BOM", "AI inventory", or "ML security"
- User is working with Python AI/ML projects (PyTorch, TensorFlow, HuggingFace)
- User needs AI component compliance documentation

65

Quality: 77% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./command_directives/synchronous_remediation/skills/ai-inventory/SKILL.md

Quality

Content: 55%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill has a well-structured multi-phase workflow with good validation checkpoints and error handling, which is its strongest aspect. However, it suffers from being overly long and monolithic — the compliance templates, risk assessment guidance, and use case descriptions inflate the token cost without adding proportional value. Much of the content in Phases 4-5 is generic governance advice that Claude could generate on its own.

Suggestions

Extract the compliance report template (Phase 5) and risk assessment details (Phase 4) into separate referenced files (e.g., COMPLIANCE_TEMPLATE.md, RISK_ASSESSMENT.md) to reduce the main skill's token footprint.

Remove or significantly condense the list of common AI/ML packages in Step 1.2 — Claude already knows these; a brief 'scan dependency files for AI/ML packages' instruction suffices.

Make Phase 1 (Project Validation) more actionable by providing concrete tool calls or commands (e.g., using file listing tools) rather than describing what to check for.

Trim the use cases section — these are essentially summaries of the phases already described and add little new information.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is moderately efficient but includes unnecessary content Claude already knows — e.g., listing common AI/ML packages, explaining what license risk levels mean, and the detailed compliance report template with generic governance checklists. The risk assessment and documentation phases add significant length with guidance that is more template-filling than actionable instruction. | 2 / 3 |
| Actionability | The core action (calling mcp_snyk_snyk_aibom) is concrete and clear, but most of the skill beyond Phase 2 consists of report templates and general security/compliance guidance rather than executable steps. The project validation phase (checking for requirements.txt, scanning for AI packages) describes what to do but doesn't provide concrete commands or code to accomplish it. | 2 / 3 |
| Workflow Clarity | The five-phase workflow is clearly sequenced with explicit validation checkpoints: verify project suitability before scanning, validate AIBOM output before analysis, and error handling blocks with specific remediation steps at each failure point. The 'do not continue to Phase 3' gate after validation is a good feedback loop. | 3 / 3 |
| Progressive Disclosure | The content is a monolithic wall of text with no references to external files despite being ~180 lines. The compliance report templates, risk assessment details, and use cases could easily be split into separate reference files. No bundle files exist to support progressive disclosure, and the skill doesn't reference any. | 1 / 3 |

Total: 8 / 12 (Passed)

Description: 100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly defines its niche (AIBOM for Python AI/ML projects), lists concrete capabilities, and provides explicit trigger guidance with natural user terms. It uses proper third-person voice throughout and covers both the 'what' and 'when' comprehensively. Minor improvement could include mentioning output formats, but overall this is well-crafted.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete actions: 'Generate and analyze AI Bill of Materials', 'Identifies AI models, datasets, tools, and frameworks', and specifies the purpose 'security and compliance tracking'. These are specific, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (generate/analyze AIBOMs, identify AI models/datasets/tools/frameworks for security and compliance) and 'when' with an explicit 'Use this skill when:' clause listing five specific trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'AI BOM', 'AI inventory', 'ML security', 'AI components', 'AI models', 'PyTorch', 'TensorFlow', 'HuggingFace', 'Python AI/ML projects', 'compliance documentation'. These are terms users would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche — AI Bill of Materials is a very specific domain. The combination of AIBOM generation, AI/ML component scanning, and compliance tracking creates a clear, unique identity that is unlikely to conflict with general Python or security skills. | 3 / 3 |

Total: 12 / 12 (Passed)

Validation: 100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: snyk/studio-recipes
Reviewed
