CtrlK
BlogDocsLog inGet started
Tessl Logo

secure-at-inception

Proactive security scanning for newly generated or modified code. Intelligently detects changes, runs appropriate scans (SAST, SCA, IaC), filters to only NEW issues, and prevents vulnerabilities at the source. Use this skill when: - Agent generates new code files - Agent modifies existing code - User asks to "scan for security issues" or "check my changes" - Before committing changes - User mentions "secure at inception", "proactive scan", or "security check"

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with a clear, well-validated multi-phase workflow, but it underuses its own bundle files: the references are neither linked from the body nor relied upon, causing redundant inline content and weaker navigation.

Suggestions

Replace the inline Step 4.1 severity-threshold table with a one-line pointer to references/severity-thresholds.md to avoid duplicating that reference and reduce body length.

Trim the File Type → Scan Type Reference table to the essential triggers and link to references/supported-languages.md for the exhaustive extension/manifest lists.

Add a short 'References' section near the top listing severity-thresholds.md and supported-languages.md so the bundle structure is clearly signaled and navigable.

DimensionReasoningScore

Conciseness

The body is mostly lean and assumes Claude's competence, but it duplicates content already present in the bundle files — notably the Step 4.1 severity-threshold table (fully covered in references/severity-thresholds.md) and the file-type table (in references/supported-languages.md) — so not every token earns its place.

2 / 3

Actionability

It provides concrete, executable guidance: specific git diff commands, named MCP tools with their parameters (path, severity_threshold, all_projects), hunk-parsing filter logic for @@ -X,Y +A,B @@ ranges, and a copy-ready report template.

3 / 3

Workflow Clarity

The process is clearly sequenced across Phases 1–5 with numbered steps, validation checkpoints in the filter-to-new-issues and block-decision phases, and explicit retry/feedback loops in the error-handling table.

3 / 3

Progressive Disclosure

Bundle files exist in references/ (severity-thresholds.md, supported-languages.md) but the body never signals or links to them, and their content is inlined rather than split out — fitting the anchor for references present but not clearly signaled with content that should be separate kept inline.

2 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong description that clearly states concrete capabilities and provides an explicit, multi-trigger 'when to use' clause in third person. Minor buzzword ('Intelligently') and one generic trigger do not materially weaken it.

DimensionReasoningScore

Specificity

The description names multiple concrete actions — 'detects changes, runs appropriate scans (SAST, SCA, IaC), filters to only NEW issues, and prevents vulnerabilities at the source' — matching the anchor for listing several specific actions.

3 / 3

Completeness

It states both what the skill does (proactive scanning, change detection, filtering to new issues) and when to use it via an explicit 'Use this skill when:' list with multiple triggers.

3 / 3

Trigger Term Quality

It includes natural phrases users would say such as "scan for security issues", "check my changes", "secure at inception", "proactive scan", and "security check", giving good coverage of likely utterances.

3 / 3

Distinctiveness Conflict Risk

It carves a clear niche — Snyk-backed proactive security scanning of newly generated/modified code — with distinct triggers unlikely to fire for unrelated skills, though 'check my changes' is mildly generic.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
snyk/studio-recipes
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.