Comprehensive container image security scanning and remediation. Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices.

Use when:
- User asks to scan a Docker image or container
- User mentions "container security" or "image vulnerabilities"
- User wants to secure a Dockerfile
- User asks about base image security
- Agent is working with Docker, Kubernetes, or container deployments
Overall score: 76

Quality: 70% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Advisory: Suggest reviewing before use

Optimize this skill with Tessl: `npx tessl skill review --optimize ./command_directives/synchronous_remediation/skills/container-security/SKILL.md`

Quality
Discovery: 100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly communicates what the skill does (container image security scanning covering OS packages, app dependencies, and Dockerfile best practices) and when to use it (with five explicit trigger scenarios). The trigger terms are natural and comprehensive, covering Docker, Kubernetes, container security, and related terminology. The description is well-structured, concise, and distinctive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices.' Also mentions 'scanning and remediation' as high-level capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (analyzes Docker images for OS package vulnerabilities, application dependencies, Dockerfile best practices) and 'when' with an explicit 'Use when:' clause listing five specific trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'scan a Docker image', 'container security', 'image vulnerabilities', 'secure a Dockerfile', 'base image security', 'Docker', 'Kubernetes', 'container deployments'. These are all terms users would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive niche focused specifically on container image security scanning. The triggers are specific to Docker/container security and unlikely to conflict with general security, code review, or other DevOps skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation: 39%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides a thorough container security scanning workflow with good sequencing and validation steps, but is far too verbose for a SKILL.md. It explains many concepts Claude already understands, repeats guidance across sections (main workflow, end-to-end example, common scenarios), and inlines reference material that should be in separate files. The actionability is moderate—tool invocations are concrete but much content is templated rather than executable.
Suggestions

- Cut the content by at least 50%: remove Phase 1 (Claude can parse image references and infer scope), collapse the summary/remediation templates into a single concise end-to-end example, and eliminate the Common Scenarios section, which largely restates the main workflow.
- Move the Base Image Quick Reference table and Dockerfile Best Practices into separate reference files (e.g., BASE_IMAGES.md, DOCKERFILE_PRACTICES.md) and link to them from the main skill.
- Replace the Quick Start pseudocode with a single concrete example showing the actual MCP tool call and a brief expected output, making it immediately copy-paste actionable.
- Remove explanatory text that describes what Claude already knows (e.g., 'Extract the image reference from the user's request', the categorization table explaining what OS packages and app dependencies are).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~250+ lines. It over-explains concepts Claude already knows (e.g., what base images are, what OS packages vs app dependencies are, how Docker builds work). The phased structure with numbered sub-steps (1.1, 1.2, 2.1, etc.) adds significant overhead. Many sections like 'Parse User Input' and 'Determine Scan Scope' describe obvious reasoning steps Claude would naturally perform. The common scenarios section largely repeats the main workflow. | 1 / 3 |
| Actionability | The skill provides concrete MCP tool invocations (mcp_snyk_snyk_container_scan) with specific parameters, and includes executable Dockerfile snippets and docker commands. However, much of the content is template/placeholder text (e.g., 'CVE-2024-XXXX', summary tables with X/Y/Z placeholders) rather than truly executable guidance, and the Quick Start is pseudocode-like numbered steps rather than actual commands. | 2 / 3 |
| Workflow Clarity | The workflow is clearly sequenced across 5 phases with explicit validation steps (Phase 5 includes rebuild, re-scan, and comparison). The end-to-end example demonstrates the full feedback loop of scan → fix → rebuild → re-scan → verify. Error handling is included with a solutions table. | 3 / 3 |
| Progressive Disclosure | This is a monolithic wall of text with no references to external files. All content (quick reference tables, common scenarios, error handling, detailed remediation examples, Dockerfile best practices) is inlined in a single document. Much of this (e.g., base image quick reference, Dockerfile best practices, common scenarios) could be split into separate reference files to keep the main skill lean. | 1 / 3 |
| Total | | 7 / 12 Passed |
Validation: 100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.