
secure-dependency-health-check

Helps choose secure, healthy open-source packages by evaluating vulnerability status, maintenance health, popularity, community, and security posture.

Use this skill when:
- Agent needs to import a new dependency
- User asks "which package should I use for X?"
- User wants to compare packages (A vs B)
- User asks "is this package safe?"
- User asks for a "secure alternative" to a package
- User mentions "dependency health", "package chooser", or "package security"

90

Quality: 88% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly communicates its purpose, lists specific evaluation criteria, and provides comprehensive trigger guidance. The explicit 'Use this skill when:' clause with multiple natural-language scenarios makes it easy for Claude to select this skill appropriately. The description is well-structured, concise, and uses proper third-person voice throughout.

Dimension / Reasoning / Score

Specificity (3 / 3): The description lists multiple specific concrete actions: evaluating vulnerability status, maintenance health, popularity, community, and security posture. It clearly names the domain (open-source package selection) and the specific evaluation criteria.

Completeness (3 / 3): Clearly answers both 'what' (evaluates vulnerability status, maintenance health, popularity, community, security posture for open-source packages) and 'when' (explicit 'Use this skill when:' clause with six specific trigger scenarios).

Trigger Term Quality (3 / 3): Excellent coverage of natural trigger terms users would actually say: 'which package should I use for X?', 'is this package safe?', 'secure alternative', 'dependency health', 'package chooser', 'package security', 'compare packages'. These closely match real user language patterns.

Distinctiveness / Conflict Risk (3 / 3): The skill occupies a clear niche around open-source package evaluation and security assessment. The specific triggers like 'dependency health', 'package chooser', 'is this package safe?' are distinct and unlikely to conflict with general coding or security skills.

Total: 12 / 12 (Passed)

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a solid, actionable skill with clear workflow phases, explicit decision criteria, and useful output templates. Its main weakness is moderate verbosity—some sections explain things Claude would naturally understand (like identifying ecosystems or clarifying requirements), and the tool field descriptions could be tighter. The comparison table template and disqualifier list are particularly strong elements that provide concrete, executable guidance.

Suggestions

Trim Phase 1 significantly—Claude doesn't need instructions on how to identify candidate packages or clarify user requirements; focus on what's unique to this skill.

Condense the Step 2.1 field descriptions into a compact reference table rather than bullet-point explanations of each field.

Dimension / Reasoning / Score

Conciseness (2 / 3): The skill is moderately verbose. Sections like Phase 1 ('Understand Requirements') and some of the explanatory text around tool fields are somewhat unnecessary given Claude's intelligence. The field descriptions in Step 2.1 could be more concise, and some guidance (like 'Identify the package ecosystem') is obvious. However, the comparison table template and disqualifier list earn their place.

Actionability (3 / 3): The skill provides concrete, actionable guidance: specific tool calls (`snyk_package_health_check`, `snyk_sca_scan`), exact disqualification criteria, a ready-to-use comparison table template, and specific alternative scenarios. The output format is copy-paste ready and the decision logic is explicit.

Workflow Clarity (3 / 3): The four-phase workflow is clearly sequenced with logical progression from requirements gathering through analysis, recommendation, and post-installation verification. Disqualification criteria serve as validation checkpoints, and the error handling section provides clear recovery paths. The post-installation scan (Phase 4) acts as a verification step for the full dependency tree.

Progressive Disclosure (2 / 3): The content is well-structured with clear headers and phases, but it's a fairly long monolithic document (~150 lines of substantive content). The comparison table template and alternative scenarios could potentially be split into referenced files. However, there are no deeply nested references, and the organization is logical.

Total: 10 / 12 (Passed)

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure: No warnings or errors.

Repository
snyk/studio-recipes
Reviewed
