Proactive security scanning for newly generated or modified code. Intelligently detects changes, runs appropriate scans (SAST, SCA, IaC), filters to only NEW issues, and prevents vulnerabilities at the source.

Use this skill when:

- Agent generates new code files
- Agent modifies existing code
- User asks to "scan for security issues" or "check my changes"
- Before committing changes
- User mentions "secure at inception", "proactive scan", or "security check"
Overall score: 90 (88%)

Impact: Pending (no eval scenarios have been run)

Quality: Passed (no known issues)
Discovery: 100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly articulates specific capabilities (SAST, SCA, IaC scanning, change detection, new-issue filtering) and provides explicit trigger guidance with a well-structured 'Use this skill when:' clause. The description is concise, uses third-person voice appropriately, and includes both user-initiated triggers ('scan for security issues') and workflow-based triggers ('before committing changes'), making it highly effective for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'detects changes', 'runs appropriate scans (SAST, SCA, IaC)', 'filters to only NEW issues', and 'prevents vulnerabilities at the source'. These are concrete, well-defined capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (proactive security scanning with SAST/SCA/IaC, filtering to new issues) and 'when' with an explicit 'Use this skill when:' clause listing five specific trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms users would say: 'scan for security issues', 'check my changes', 'security check', 'proactive scan', 'secure at inception', plus contextual triggers like 'before committing changes' and 'generates new code files'. Good coverage of both explicit user phrases and implicit workflow triggers. | 3 / 3 |
| Distinctiveness / Conflict Risk | Clearly occupies a distinct niche: proactive security scanning of newly generated/modified code with specific scan types (SAST, SCA, IaC). The focus on NEW issues and the 'secure at inception' framing make it unlikely to conflict with general code review or testing skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation: 77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable skill with excellent workflow clarity and a well-defined multi-phase process. Its main weakness is length—the full report template, extensive file type lists, and best practices section add bulk that could be offloaded to referenced files. The content is well-structured but would benefit from progressive disclosure to reduce the token footprint in the main skill file.
Suggestions

- Move the full report template and example tables to a separate REPORT_TEMPLATE.md file, keeping only a brief description and link in the main skill.
- Extract the best practices and error handling sections into a referenced file (e.g., OPERATIONS.md) to reduce the main file's token cost.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is generally well-structured and avoids explaining basic concepts, but includes some verbosity that could be tightened—e.g., the extensive file extension lists, the full report template with placeholder rows, and the best practices section contains guidance Claude could infer (like caching strategies). The constraints section partially restates earlier content. | 2 / 3 |
| Actionability | Highly actionable throughout: specific MCP tool names, concrete git commands, exact parameters for each scan type, a complete report template, specific filtering logic with git diff hunk parsing instructions, and a clear block decision algorithm. The error handling table provides concrete recovery actions. | 3 / 3 |
| Workflow Clarity | Excellent multi-phase workflow with clear sequencing (Phases 1-5), explicit validation/filtering in Phase 3 before reporting, a clear block decision logic in Phase 4.3, and error recovery paths. The filter-before-report pattern serves as a validation checkpoint ensuring only new issues surface. | 3 / 3 |
| Progressive Disclosure | The content is well-organized with clear sections and tables, but it's a long monolithic document (~170 lines of substantive content). The report template, best practices, and error handling could be split into referenced files. No external file references are used despite the complexity warranting them. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation: 100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.