secure-dependency-health-check

Helps choose secure, healthy open-source packages by evaluating vulnerability status, maintenance health, popularity, community, and security posture. Use this skill when: - Agent needs to import a new dependency - User asks "which package should I use for X?" - User wants to compare packages (A vs B) - User asks "is this package safe?" - User asks for a "secure alternative" to a package - User mentions "dependency health", "package chooser", or "package security"

Quality

88%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, actionable skill with clear multi-step workflows and good validation checkpoints. Its main weakness is moderate verbosity — several sections explain context or goals that Claude doesn't need, and the inline templates make the file longer than necessary. The lack of bundle files means all content is monolithic, though the internal organization partially compensates.

Suggestions

Remove 'Goal' statements at the start of each phase and trim field descriptions in Step 2.1 that merely restate what the tool returns — Claude can interpret tool responses without a field-by-field guide.

Consider extracting the comparison table template and the 'No Secure Option' template into a separate TEMPLATES.md file to reduce the main skill's length and improve progressive disclosure.

Dimension	Reasoning	Score
Conciseness	The skill is moderately verbose. Sections like Phase 1 ('Understand Requirements') and some of the field descriptions in Step 2.1 explain things Claude could infer. The comparison table template and alternative scenarios are useful but could be more compact. Some phrasing like 'Goal: Clarify what the user needs before recommending packages' is unnecessary narration.	2 / 3
Actionability	The skill provides concrete, actionable guidance throughout: specific tool names (snyk_package_health_check, snyk_sca_scan), explicit disqualification criteria, a ready-to-use comparison table template, and clear decision logic. The steps are specific enough to execute without ambiguity.	3 / 3
Workflow Clarity	The multi-phase workflow is clearly sequenced (Requirements → Analysis → Recommendation → Integration) with explicit validation checkpoints: disqualifier checks in Step 2.3, post-installation scan in Phase 4, and error handling with retry logic. The feedback loop for 'no candidates meet threshold' is well-defined.	3 / 3
Progressive Disclosure	The content is entirely self-contained in a single file with no bundle files. While the structure uses clear headings and phases, the document is quite long (~150 lines of substantive content) and could benefit from splitting detailed templates and error handling into separate reference files. However, no bundle exists to support this.	2 / 3
	Total	10 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly communicates its purpose, lists concrete evaluation dimensions, and provides an explicit and comprehensive 'Use this skill when' section with natural trigger phrases. It uses proper third-person voice and covers both the 'what' and 'when' thoroughly. The description is well-structured and would allow Claude to reliably select this skill from a large pool of available skills.

Dimension	Reasoning	Score
Specificity	The description lists multiple specific concrete actions: evaluating vulnerability status, maintenance health, popularity, community, and security posture. It clearly describes what the skill does — helps choose secure, healthy open-source packages by evaluating multiple named dimensions.	3 / 3
Completeness	Clearly answers both 'what' (helps choose secure, healthy open-source packages by evaluating vulnerability status, maintenance health, popularity, community, and security posture) and 'when' (explicit 'Use this skill when:' clause with six specific trigger scenarios).	3 / 3
Trigger Term Quality	Excellent coverage of natural terms users would say: 'which package should I use for X?', 'is this package safe?', 'secure alternative', 'dependency health', 'package chooser', 'package security', 'compare packages', 'import a new dependency'. These are highly natural phrases a user would actually use.	3 / 3
Distinctiveness Conflict Risk	The skill occupies a clear niche — open-source package evaluation for security and health. The trigger terms are specific to dependency selection and security assessment, making it unlikely to conflict with general coding skills, security scanning skills, or other tools.	3 / 3
	Total	12 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: snyk/studio-recipes
Commit: 2be79eb

Reviewed: 5 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.