secure-dependency-health-check
Helps choose secure, healthy open-source packages by evaluating vulnerability status, maintenance health, popularity, community, and security posture. Use this skill when: - Agent needs to import a new dependency - User asks "which package should I use for X?" - User wants to compare packages (A vs B) - User asks "is this package safe?" - User asks for a "secure alternative" to a package - User mentions "dependency health", "package chooser", or "package security"
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly communicates its purpose, lists concrete evaluation dimensions, and provides an explicit and comprehensive set of trigger scenarios. It uses third-person voice appropriately and covers natural user language well. The structured 'Use this skill when' list with specific user phrases makes it highly actionable for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: evaluating vulnerability status, maintenance health, popularity, community, and security posture. Clearly describes what the skill does — helps choose secure, healthy open-source packages by evaluating multiple named dimensions. | 3 / 3 |
Completeness | Clearly answers both 'what' (evaluates vulnerability status, maintenance health, popularity, community, security posture for open-source packages) and 'when' (explicit 'Use this skill when:' clause with six specific trigger scenarios). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural user phrases: 'which package should I use for X?', 'is this package safe?', 'secure alternative', 'dependency health', 'package chooser', 'package security', 'compare packages'. These are terms users would naturally say. | 3 / 3 |
Distinctiveness Conflict Risk | Occupies a clear niche — open-source package evaluation and security assessment. The specific triggers around dependency health, package comparison, and security posture are distinct and unlikely to conflict with general coding or security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, actionable skill with a clear multi-phase workflow and good error handling. Its main weakness is moderate verbosity — some explanatory text and field descriptions could be trimmed since Claude can infer much of this context. The lack of bundle files means all content is inline, which is acceptable but not optimal for a skill of this length.
Suggestions
Trim Phase 1 and the introductory text — Claude doesn't need to be told to 'clarify what the user needs'; just list the steps directly.
Condense Step 2.1's field descriptions into a compact reference table rather than bullet-point explanations of each field's meaning.
Consider extracting the comparison table template and the 'No Secure Option' template into a separate TEMPLATES.md to reduce the main file's token footprint.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is moderately verbose. Sections like Phase 1 ("Understand Requirements") and some of the field descriptions in Step 2.1 explain things Claude could infer. The comparison table template and alternative scenarios are useful but could be more compact. Some phrasing like 'Help developers and AI agents make informed decisions' is filler. | 2 / 3 |
Actionability | The skill provides concrete, specific guidance: it names the exact tool to call (`snyk_package_health_check`), specifies ecosystems, lists exact fields to evaluate, provides disqualification criteria with specific thresholds (3+ years, `is_archived: true`), and includes a ready-to-use comparison table template with example values. Post-installation steps reference a specific tool (`snyk_sca_scan`). | 3 / 3 |
Workflow Clarity | The four-phase workflow is clearly sequenced with explicit steps. Disqualification criteria serve as validation checkpoints in Phase 2. Error handling covers package-not-found, scan failures, and no-candidates-meet-threshold scenarios with clear fallback actions. The post-installation scan in Phase 4 acts as a verification step for the full dependency tree. | 3 / 3 |
Progressive Disclosure | The content is well-structured with clear headers and phases, but it's entirely monolithic — everything is in one file with no references to supporting documents. The comparison table template and alternative scenarios could be split into referenced files. For a skill of this length (~150 lines of substantive content), some progressive disclosure into bundle files would improve token efficiency. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- snyk/studio-recipes
- Commit
786986d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.