
container-security

Comprehensive container image security scanning and remediation. Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices.

Use when:
- User asks to scan a Docker image or container
- User mentions "container security" or "image vulnerabilities"
- User wants to secure a Dockerfile
- User asks about base image security
- Agent is working with Docker, Kubernetes, or container deployments

60

Quality

70%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./command_directives/synchronous_remediation/skills/container-security/SKILL.md

Quality

Content

39%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill has a well-structured multi-phase workflow with good validation/verification steps, but it is far too verbose for a SKILL.md file. Significant content redundancy (the end-to-end example and common scenarios repeat the phased workflow), unnecessary explanations, and a monolithic structure that should be split across multiple files all reduce its effectiveness as a concise, token-efficient skill.

Suggestions

Cut content by at least 50%: remove the Common Scenarios section (redundant with the phases), consolidate the end-to-end example into the Quick Start, and trim explanatory text that Claude can infer.

Split the base image quick reference table, Dockerfile best practices, and error handling into separate bundle files (e.g., BASE_IMAGES.md, BEST_PRACTICES.md) and reference them from the main SKILL.md.

Standardize the tool invocation name consistently throughout (either `mcp_snyk_snyk_container_scan` or `snyk_container_scan`, not both).

Replace the pseudocode Quick Start with a single concrete example showing the actual MCP tool call and expected output format.

Dimension / Reasoning / Score

Conciseness

The skill is extremely verbose at ~250+ lines with significant redundancy. The end-to-end example largely repeats what Phases 1-5 already cover. The 'Common Scenarios' section restates the same workflow in abbreviated form. Step 1.1 explains what an image reference looks like (Claude knows this). Much content could be cut in half without losing actionable information.

1 / 3

Actionability

The skill provides concrete MCP tool invocations and Dockerfile examples, which is good. However, the Quick Start is pseudocode-like numbered steps rather than executable commands, many code blocks are template/placeholder text (CVE-2024-XXXX), and the scan invocation syntax is inconsistent (sometimes `mcp_snyk_snyk_container_scan`, sometimes `snyk_container_scan`). The guidance is mostly concrete but has gaps in precision.

2 / 3

Workflow Clarity

The 5-phase workflow is clearly sequenced with explicit validation steps (Phase 5 includes rebuild, re-scan, and comparison). There's a clear feedback loop: scan → fix → rebuild with --no-cache → re-scan → compare results. The before/after comparison table is an excellent verification checkpoint.

3 / 3

Progressive Disclosure

This is a monolithic wall of text with no bundle files and no references to external documents. All content—quick reference tables, error handling, common scenarios, detailed examples—is inlined in a single massive file. Much of this (base image reference table, Dockerfile best practices, common scenarios) should be split into separate referenced files.

1 / 3

Total: 7 / 12

Passed
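The feedback loop credited above under Workflow Clarity (scan, fix, rebuild with --no-cache, re-scan, compare) only proves anything if the final comparison is done carefully. The following Python is an added example, not code from the reviewed skill or from Snyk: it diffs two scan reports and renders the before/after severity table. It assumes the `snyk container test <image> --json` report shape (a top-level "vulnerabilities" list whose items carry "id", "severity", "packageName", "version" and, where a fix exists, "nearestFixedInVersion"). Both embedded reports are constructed sample data with placeholder ids, not real scan output. One detail the example handles: the same vulnerability id can appear more than once in a report (once per dependency path), so findings must be deduplicated before the counts in the table can be trusted.

```python
"""Before/after comparison of two Snyk container scan reports.

Added example, not code from the reviewed skill or from Snyk. Assumes the
`snyk container test <image> --json` report shape: a top-level
"vulnerabilities" list whose items carry "id", "severity", "packageName",
"version" and, when a fix exists, "nearestFixedInVersion". The same id can
be listed several times (once per dependency path), so findings are
deduplicated on (id, packageName). Both reports below are constructed sample
data with placeholder ids; they are not real scan output.
"""
import json
from collections import Counter

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed "before" report: outdated base image plus one vulnerable
# application dependency (lodash), which is listed twice via two paths.
BEFORE_JSON = json.dumps({
    "vulnerabilities": [
        {"id": "EXAMPLE-1", "severity": "critical", "packageName": "openssl",
         "version": "3.0.11-1", "nearestFixedInVersion": "3.0.13-1"},
        {"id": "EXAMPLE-2", "severity": "high", "packageName": "libc6",
         "version": "2.36-9", "nearestFixedInVersion": "2.36-10"},
        {"id": "EXAMPLE-3", "severity": "high", "packageName": "lodash",
         "version": "4.17.20", "nearestFixedInVersion": "4.17.21"},
        {"id": "EXAMPLE-3", "severity": "high", "packageName": "lodash",
         "version": "4.17.20", "nearestFixedInVersion": "4.17.21"},
        {"id": "EXAMPLE-4", "severity": "medium", "packageName": "curl",
         "version": "7.88.1-10"},
        {"id": "EXAMPLE-5", "severity": "low", "packageName": "tar",
         "version": "1.34-3"},
    ]
})

# Constructed "after" report: base image bumped and lodash upgraded, which
# removes three findings; the newer base also brings in one new low.
AFTER_JSON = json.dumps({
    "vulnerabilities": [
        {"id": "EXAMPLE-4", "severity": "medium", "packageName": "curl",
         "version": "7.88.1-10"},
        {"id": "EXAMPLE-5", "severity": "low", "packageName": "tar",
         "version": "1.34-3"},
        {"id": "EXAMPLE-6", "severity": "low", "packageName": "zlib1g",
         "version": "1.2.13-1"},
    ]
})


def load_findings(report_json):
    """Parse a report into {(id, packageName): finding}, deduplicated."""
    findings = {}
    for vuln in json.loads(report_json).get("vulnerabilities", []):
        findings.setdefault((vuln["id"], vuln["packageName"]), vuln)
    return findings


def severity_counts(findings):
    """Unique findings per severity, with every severity present (0 if none)."""
    counts = Counter(v["severity"] for v in findings.values())
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def diff_reports(before, after):
    """Split findings into fixed (gone), remaining (in both) and introduced."""
    return {
        "fixed": sorted(k for k in before if k not in after),
        "remaining": sorted(k for k in before if k in after),
        "introduced": sorted(k for k in after if k not in before),
    }


def comparison_table(before, after):
    """Render the before/after checkpoint table as plain text."""
    b, a = severity_counts(before), severity_counts(after)
    lines = [f"{'Severity':<10}{'Before':>8}{'After':>8}{'Delta':>8}"]
    for sev in SEVERITIES:
        lines.append(f"{sev:<10}{b[sev]:>8}{a[sev]:>8}{a[sev] - b[sev]:>+8}")
    lines.append(
        f"{'total':<10}{len(before):>8}{len(after):>8}{len(after) - len(before):>+8}"
    )
    return "\n".join(lines)


def remediation_ok(before, after, block_on=("critical", "high")):
    """Gate: True only if nothing at a blocking severity is left in the rebuilt image."""
    a = severity_counts(after)
    return not any(a[sev] for sev in block_on)


if __name__ == "__main__":
    before = load_findings(BEFORE_JSON)
    after = load_findings(AFTER_JSON)
    print(comparison_table(before, after))
    changes = diff_reports(before, after)
    print("fixed:", [k[0] for k in changes["fixed"]])
    print("introduced:", [k[0] for k in changes["introduced"]])
    print("gate passed:", remediation_ok(before, after))
```

To run it against real output, save `snyk container test <image> --json` before and after the `docker build --no-cache` rebuild to two files and load those in place of the embedded strings; `remediation_ok` is the value to gate a pipeline on, and the "introduced" list is worth printing even when the gate passes, because a newer base image can bring in findings the old one did not have.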

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly communicates what the skill does (container image security scanning and remediation across multiple dimensions) and when to use it (with a well-structured 'Use when' clause covering five distinct trigger scenarios). The description uses appropriate third-person voice, includes natural trigger terms, and is specific enough to be distinguishable from other skills.

Dimension / Reasoning / Score

Specificity

Lists multiple specific concrete actions: 'Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices.' These are distinct, concrete capabilities beyond vague language.

3 / 3

Completeness

Clearly answers both 'what' (analyzes Docker images for OS package vulnerabilities, application dependencies, Dockerfile best practices) and 'when' with an explicit 'Use when:' clause listing five specific trigger scenarios.

3 / 3

Trigger Term Quality

Excellent coverage of natural terms users would say: 'scan a Docker image', 'container security', 'image vulnerabilities', 'secure a Dockerfile', 'base image security', 'Docker', 'Kubernetes', 'container deployments'. These are terms users would naturally use.

3 / 3

Distinctiveness Conflict Risk

Clearly occupies a distinct niche around container image security scanning. The specific mentions of Docker images, container security, Dockerfile, and base image security make it unlikely to conflict with general security or general Docker skills.

3 / 3

Total: 12 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 passed

Validation for skill structure

No warnings or errors.

Repository
snyk/studio-recipes
Reviewed
