CtrlK
BlogDocsLog inGet started
Tessl Logo

container-security

Comprehensive container image security scanning and remediation. Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices. Use when: - User asks to scan a Docker image or container - User mentions "container security" or "image vulnerabilities" - User wants to secure a Dockerfile - User asks about base image security - Agent is working with Docker, Kubernetes, or container deployments

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with a well-sequenced, verified workflow, but it is verbose (placeholder tables and redundant scenario/quick-start sections) and fails to surface its two reference files, inlining their content instead. Tightening the padding and linking the references would lift the weaker dimensions.

Suggestions

Remove the placeholder "X/Y/Z/W" summary tables and the redundant "Quick Start" / "Common Scenarios" sections that restate the phased workflow to tighten conciseness.

Replace the inline "Base Image Quick Reference" table and "Dockerfile Best Practices" section with one-level-deep links to references/base-image-recommendations.md and references/dockerfile-best-practices.md so the references are clearly signaled.

Consolidate the Phase 4 remediation templates (Steps 4.1–4.3) into a single concise pattern, keeping only the concrete commands and dropping repeated boilerplate headers.

DimensionReasoningScore

Conciseness

Mostly efficient and concrete, but padded with placeholder tables ("X | Y | Z | W") and redundant sections — "Quick Start" and "Common Scenarios" restate the phased workflow, and the inline "Base Image Quick Reference" table duplicates references/base-image-recommendations.md.

2 / 3

Actionability

Provides concrete, copy-paste-ready guidance: real tool invocations with named parameters (`mcp_snyk_snyk_container_scan` with `image`, `file`, `app_vulns`, `severity_threshold`, `exclude_base_image_vulns`), executable Dockerfile snippets, and shell commands like `docker build --no-cache -t myapp:fixed .`.

3 / 3

Workflow Clarity

A clear five-phase sequence (identify → scan → analyze → remediate → verify) with an explicit validation/feedback loop in Phase 5 (rebuild, re-scan, compare before/after), satisfying the checkpoint requirement for batch/destructive operations.

3 / 3

Progressive Disclosure

Two bundle files exist (base-image-recommendations.md, dockerfile-best-practices.md) but the body never links or signals them, while overlapping base-image and Dockerfile-best-practice content is inlined — fitting the score-2 anchor of references present but not clearly signaled with content that should be separate kept inline.

2 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: third-person, concrete capabilities, a rich set of natural trigger terms, and an explicit Use-when clause covering both what and when. It is clearly distinct from other skills.

DimensionReasoningScore

Specificity

Lists multiple concrete actions: "Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices", matching the score-3 anchor of multiple specific concrete actions.

3 / 3

Completeness

Explicitly answers both what (analyzes OS package vulnerabilities, app dependencies, Dockerfile best practices) and when via a literal "Use when:" clause with five trigger bullets, matching the score-3 anchor.

3 / 3

Trigger Term Quality

Covers natural phrasings a user would say — "scan a Docker image or container", "container security", "image vulnerabilities", "secure a Dockerfile", "base image security", "Docker, Kubernetes, or container deployments" — giving good coverage of common variations.

3 / 3

Distinctiveness Conflict Risk

Occupies a clear niche (container-image security scanning/remediation) with distinct, specific triggers unlikely to fire for unrelated skills; written in third person ("Analyzes"), so no voice penalty applies.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
snyk/studio-recipes
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.