Complete security remediation workflow. Scans code for vulnerabilities using Snyk, fixes them, validates the fix, and optionally creates a PR. Supports both single-issue and batch mode for multiple vulnerabilities.

Use this skill when:
- User asks to fix security vulnerabilities
- User mentions "snyk fix", "security fix", or "remediate vulnerabilities"
- User wants to fix a specific CVE, Snyk ID, or vulnerability type (XSS, SQL injection, path traversal, etc.)
- User wants to upgrade a vulnerable dependency
- User asks to "fix all" vulnerabilities or "fix all high/critical" issues (batch mode)
Overall score: 90 (88%)
Impact: Pending (no eval scenarios have been run)
Quality (does it follow best practices?): Passed, no known issues

Discovery (100%)
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly articulates what the skill does (security remediation workflow using Snyk), how it works (scan, fix, validate, PR), and when to use it (with a detailed bulleted list of trigger scenarios). It uses third-person voice, includes natural trigger terms users would actually say, and occupies a clearly distinct niche.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: scans code for vulnerabilities using Snyk, fixes them, validates the fix, creates a PR. Also specifies single-issue and batch mode capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (scans, fixes, validates, creates PR for security vulnerabilities using Snyk) and 'when' with an explicit 'Use this skill when:' clause listing five specific trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'fix security vulnerabilities', 'snyk fix', 'security fix', 'remediate vulnerabilities', 'CVE', 'Snyk ID', 'XSS', 'SQL injection', 'path traversal', 'upgrade a vulnerable dependency', 'fix all', 'fix all high/critical'. | 3 / 3 |
| Distinctiveness / Conflict Risk | Clearly occupies a distinct niche around Snyk-based security vulnerability remediation. The specific tool (Snyk), action types (CVE fixes, dependency upgrades), and workflow (scan → fix → validate → PR) make it highly distinguishable from general code or security skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation (77%)
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable skill with excellent workflow clarity — clear phases, validation checkpoints, retry limits, and rollback triggers make it robust for a complex multi-step security remediation process. The main weakness is that the entire workflow is contained in a single large file, which could be better organized with progressive disclosure into sub-files. Minor conciseness improvements are possible by reducing repetition between the constraints/checklist sections and the phase descriptions.
Suggestions:
- Split detailed sections (e.g., Phase 4 SCA remediation, Phase 7 PR creation, Error Handling table) into separate referenced files to reduce the main skill's token footprint and improve progressive disclosure.
- Remove the Constraints and Completion Checklist sections at the bottom, as they largely repeat information already embedded in the phase descriptions — or consolidate them as the sole source of truth and trim the phases.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is lengthy but most content is necessary given the complexity of the workflow (batch/single modes, code/SCA paths, error handling). Some sections could be tightened — e.g., the mode detection table has some redundancy, and the constraints/completion checklist sections partially repeat what's already stated in the phases. However, it avoids explaining concepts Claude already knows. | 2 / 3 |
| Actionability | The skill provides concrete MCP tool invocations, specific bash commands for git operations, exact branch naming formats, commit message templates, and clear decision logic. Code examples are executable and copy-paste ready (scan invocations, grep commands, git workflows, gh pr create). | 3 / 3 |
| Workflow Clarity | The multi-step workflow is clearly sequenced across 7 phases with explicit validation checkpoints (Phase 5 re-scan, test, lint), retry limits (max 3 attempts), rollback triggers, and feedback loops (fix → validate → retry or revert). The batch mode includes user confirmation gates before proceeding. Error recovery is thoroughly documented. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear headers and phases, but it's a monolithic document (~250 lines) that could benefit from splitting detailed sections (e.g., error handling, batch mode specifics, PR creation) into separate referenced files. Everything is inline, making it a large single file to load into context. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation (100%)
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
adb5a9a