
secure-at-inception

Proactive security scanning for newly generated or modified code. Intelligently detects changes, runs appropriate scans (SAST, SCA, IaC), filters to only NEW issues, and prevents vulnerabilities at the source.

Use this skill when:
- Agent generates new code files
- Agent modifies existing code
- User asks to "scan for security issues" or "check my changes"
- Before committing changes
- User mentions "secure at inception", "proactive scan", or "security check"

72

Quality: 88% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Passed (No known issues)


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly communicates what the skill does (proactive security scanning with specific scan types), when to use it (explicit trigger list with natural user phrases), and occupies a distinct niche. The description is well-structured with concrete actions and comprehensive trigger coverage. It uses proper third-person voice throughout.

Dimension (score): reasoning

Specificity (3 / 3): Lists multiple specific concrete actions: 'detects changes', 'runs appropriate scans (SAST, SCA, IaC)', 'filters to only NEW issues', and 'prevents vulnerabilities at the source'. These are concrete, well-defined capabilities.

Completeness (3 / 3): Clearly answers both 'what' (proactive security scanning with SAST/SCA/IaC, filtering new issues) and 'when' with an explicit 'Use this skill when:' clause listing five specific trigger scenarios.

Trigger Term Quality (3 / 3): Includes strong natural trigger terms users would say: 'scan for security issues', 'check my changes', 'security check', 'proactive scan', 'secure at inception', plus contextual triggers like 'before committing changes' and 'generates new code files'.

Distinctiveness / Conflict Risk (3 / 3): Occupies a clear niche of proactive security scanning for code changes with distinct terminology (SAST, SCA, IaC, 'secure at inception'). Unlikely to conflict with general code review or testing skills due to the specific security focus and scan types mentioned.

Total: 12 / 12

Passed

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong, highly actionable skill with a clear multi-phase workflow, specific tool invocations, and good error handling. Its main weakness is length — the document could be more concise by trimming the best practices, constraints, and report template sections. The lack of bundle files means everything is inline, which is acceptable but results in a long single document.

Suggestions

Trim the Best Practices and Constraints sections — most of these restate behavior already encoded in the workflow phases (e.g., 'New Issues Only' is already enforced by Phase 3, 'Non-Destructive' is obvious from the workflow).

Consider extracting the full report template and error handling table into separate reference files (e.g., REPORT_TEMPLATE.md, ERROR_HANDLING.md) to keep the main skill leaner and improve progressive disclosure.

Dimension (score): reasoning

Conciseness (2 / 3): The skill is fairly well-structured but includes some unnecessary verbosity: the Best Practices section rehashes general advice Claude would know, the constraints section restates things already implied by the workflow, and the report template is overly detailed. The file type reference table is efficient, but overall the document could be tightened by ~30%.

Actionability (3 / 3): Highly actionable throughout: specific MCP tool names, concrete git commands, explicit parameters for each scan type, a complete report template with example rows, block decision logic, and error handling with specific recovery actions. The filtering logic (e.g., parsing @@ hunk headers) is precise and executable.

Workflow Clarity (3 / 3): The 5-phase workflow is clearly sequenced with explicit steps, validation/filtering in Phase 3, a decision gate in Phase 4 (block vs. allow), and error handling. The feedback loop is present: blocked findings require fixes before proceeding. The parallel execution note for Phase 2 is a useful operational detail.

Progressive Disclosure (2 / 3): The content is well-organized with clear sections and tables, but it's a monolithic ~170-line document with no references to external files. The report template, error handling table, and best practices could be split into separate reference files. However, since no bundle files exist, there's nothing to reference; the inline approach is the only option, which limits but doesn't eliminate the score.

Total: 10 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: snyk/studio-recipes (Reviewed)
