secure-dependency-health-check
Helps choose secure, healthy open-source packages by evaluating vulnerability status, maintenance health, popularity, community, and security posture. Use this skill when: - Agent needs to import a new dependency - User asks "which package should I use for X?" - User wants to compare packages (A vs B) - User asks "is this package safe?" - User asks for a "secure alternative" to a package - User mentions "dependency health", "package chooser", or "package security"
90
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly communicates its purpose, lists concrete evaluation dimensions, and provides an explicit and comprehensive set of trigger scenarios. It uses proper third-person voice and covers both the 'what' and 'when' thoroughly. The trigger terms are natural and varied, covering multiple ways a user might invoke this skill.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: evaluating vulnerability status, maintenance health, popularity, community, and security posture. Clearly describes what the skill does — helps choose secure, healthy open-source packages by evaluating multiple named dimensions. | 3 / 3 |
Completeness | Clearly answers both 'what' (evaluates vulnerability status, maintenance health, popularity, community, security posture for open-source packages) and 'when' (explicit 'Use this skill when:' clause with six specific trigger scenarios). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural user phrases: 'which package should I use for X?', 'is this package safe?', 'secure alternative', 'dependency health', 'package chooser', 'package security', 'compare packages'. These are terms users would naturally say. | 3 / 3 |
Distinctiveness Conflict Risk | Occupies a clear niche — open-source package evaluation and security assessment. The specific triggers around dependency health, package comparison, and security posture are distinct and unlikely to conflict with general coding or security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable skill with clear workflow sequencing and concrete tool usage guidance. Its main weakness is moderate verbosity—the phased structure with stated goals, detailed field descriptions, and full example templates make it longer than necessary. The content would benefit from tightening descriptions Claude can infer and potentially splitting templates into a reference file.
Suggestions
Remove the 'Goal' statements at the start of each phase and the field-by-field description of tool response in Step 2.1—Claude can interpret tool responses directly; instead just list which fields matter for disqualification decisions.
Consider extracting the comparison table template and the 'No Secure Option' template into a separate TEMPLATES.md file, referenced from the main skill.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is moderately verbose with some unnecessary scaffolding (e.g., restating 'Goal' for each phase, explaining what fields the tool returns when Claude could infer this from the tool response). The phase structure adds overhead, and some sections like 'Error Handling' and 'Monitoring Recommendation' contain guidance Claude would naturally follow. However, it's not egregiously padded. | 2 / 3 |
Actionability | The skill provides concrete, specific guidance: exact tool names to call (`snyk_package_health_check`, `snyk_sca_scan`), specific field names to evaluate, clear disqualification criteria with thresholds, and a complete comparison table template with example output. The steps are copy-paste actionable. | 3 / 3 |
Workflow Clarity | The multi-step workflow is clearly sequenced across four phases with explicit validation checkpoints: disqualification criteria in Step 2.3 act as a gate before recommendations, post-installation scan serves as verification, and the 'No Candidates Meet Threshold' scenario provides a clear feedback loop with alternative paths. | 3 / 3 |
Progressive Disclosure | The content is well-structured with clear headers and phases, but it's a monolithic document that could benefit from splitting detailed templates (comparison table, warning template) and error handling into separate reference files. For its length (~150 lines of substantive content), some sections like the full example tables could be externalized. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- snyk/studio-recipes
- Commit
9293725
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.