CtrlK
BlogDocsLog inGet started
Tessl Logo

secure-dependency-health-check

Helps choose secure, healthy open-source packages by evaluating vulnerability status, maintenance health, popularity, community, and security posture. Use this skill when: - Agent needs to import a new dependency - User asks "which package should I use for X?" - User wants to compare packages (A vs B) - User asks "is this package safe?" - User asks for a "secure alternative" to a package - User mentions "dependency health", "package chooser", or "package security"

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is a clear, well-sequenced workflow with good validation checkpoints, but it is held back by mild verbosity and an illustrative comparison template that is not executable, plus an un-signaled reference file.

Suggestions

Replace the illustrative filled-in comparison table with a templated skeleton (placeholder rows/columns) Claude fills from tool output, removing the example data that pads the skill.

Add an explicit, one-level-deep link to the existing reference (e.g., 'See [package-evaluation-criteria.md](references/package-evaluation-criteria.md) for full per-category criteria') so progressive disclosure is clearly signaled.

Deduplicate the tool return-field listings between Step 2.1 and Step 2.2 to tighten conciseness.

DimensionReasoningScore

Conciseness

The body is well-organized and mostly efficient, but Step 2.1 and 2.2 restate tool return fields already enumerated elsewhere, and the filled-in comparison table reads as illustrative padding rather than instruction.

2 / 3

Actionability

It names the exact tool, ecosystems, and specific fields (is_archived, latest_release_published_at), but the centerpiece comparison 'table' is a template illustration rather than executable, copy-paste-ready guidance.

2 / 3

Workflow Clarity

Phases 1-4 are clearly sequenced with explicit disqualifier checkpoints in Step 2.3 and a dedicated Error Handling section providing feedback loops for not-found, scan-failure, and no-candidate cases.

3 / 3

Progressive Disclosure

A one-level-deep reference (package-evaluation-criteria.md) exists and the overview is self-contained, but the body never signals or links to that reference file, so navigation to the detail content is not clearly indicated.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is third-person, concise, and clearly states both capability and trigger conditions with natural user phrasings. It is well above the rubric's good-example bar across all dimensions.

DimensionReasoningScore

Specificity

Lists multiple concrete capabilities — 'evaluating vulnerability status, maintenance health, popularity, community, and security posture' — rather than vague language.

3 / 3

Completeness

Explicitly answers both what (choose secure, healthy packages by evaluating several dimensions) and when via a dedicated 'Use this skill when:' clause with concrete triggers.

3 / 3

Trigger Term Quality

Strong coverage of natural user phrasings including 'which package should I use for X?', 'is this package safe?', 'secure alternative', 'dependency health', and 'A vs B'.

3 / 3

Distinctiveness Conflict Risk

The package-security/health-selection niche is clearly bounded with distinctive triggers unlikely to fire for unrelated skills.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
snyk/studio-recipes
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.