CtrlK
BlogDocsLog inGet started
Tessl Logo

snyk-fix

Complete security remediation workflow. Scans code for vulnerabilities using Snyk, fixes them, validates the fix, and optionally creates a PR. Supports both single-issue and batch mode for multiple vulnerabilities. Use this skill when: - User asks to fix security vulnerabilities - User mentions "snyk fix", "security fix", or "remediate vulnerabilities" - User wants to fix a specific CVE, Snyk ID, or vulnerability type (XSS, SQL injection, path traversal, etc.) - User wants to upgrade a vulnerable dependency - User asks to "fix all" vulnerabilities or "fix all high/critical" issues (batch mode)

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with a clear, well-validated multi-phase workflow, but it is a monolithic single file with some redundancy and inline reference-grade content that could be split out. Conciseness and progressive disclosure are the weakest dimensions.

Suggestions

Move the Phase 4 breakability decision trees and the output/report templates (No Fix Available, Full Advisory, summaries) into reference files under references/ and link to them from SKILL.md to improve progressive disclosure and reduce the monolithic length.

Trim redundant restatement — the Constraints and Completion Checklist sections largely restate phase instructions; consolidate or reference the canonical phase steps instead of repeating them.

Remove explanations of concepts Claude already knows (e.g., the semver patch/minor/major distance primer in Step 4.2a) and keep only the risk-derivation table that uses those terms.

DimensionReasoningScore

Conciseness

The body is mostly efficient — exact tool calls, commands, and decision tables — but includes some tightening opportunities (e.g., the Constraints section restates phase content, and Step 4.2a explains semver patch/minor/major concepts Claude already knows), placing it at the 'mostly efficient but could be tightened' score 2 rather than the lean score 3.

2 / 3

Actionability

Guidance is concrete and copy-paste ready: exact MCP tool invocations with parameters, git/gh commands, branch-name formats, and full output/feedback templates, matching the 'fully executable, copy-paste ready' anchor rather than the incomplete score 2.

3 / 3

Workflow Clarity

Phases are explicitly sequenced (Parse → Scan → Analyze → Fix → Validate → Summary → PR) with explicit validation checkpoints, max-attempt feedback loops, rollback triggers, an error-handling table, and a completion checklist; validation is thorough for destructive/batch work, matching the score 3 anchor and avoiding the score-2 cap for missing validation.

3 / 3

Progressive Disclosure

No bundle files exist and the body references none, so it is a single monolithic file; while sections are well-organized, substantial inline content (the Phase 4 breakability decision trees and output templates) could be split into reference files, fitting the 'content that should be separate is inline' score 2 better than the one-level-deep reference structure of score 3.

2 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: concrete actions, rich natural trigger terms, explicit use-when guidance, and a distinct Snyk security niche. It hits the top anchor on all four dimensions.

DimensionReasoningScore

Specificity

The description lists multiple concrete actions — "Scans code for vulnerabilities using Snyk, fixes them, validates the fix, and optionally creates a PR" plus single and batch modes — matching the 'multiple specific concrete actions' anchor rather than the partial-actions score 2.

3 / 3

Completeness

It explicitly answers both what the skill does and when to use it via an explicit "Use this skill when:" clause with multiple triggers, satisfying the score 3 anchor; the required when-guidance is present, so it is not capped at 2.

3 / 3

Trigger Term Quality

Natural user phrases are well covered ("snyk fix", "security fix", "remediate vulnerabilities", "fix a specific CVE", "fix all high/critical", "upgrade a vulnerable dependency"), giving good coverage of terms users would actually say.

3 / 3

Distinctiveness Conflict Risk

Snyk-specific terminology and a clear security-remediation niche with distinct triggers make it unlikely to fire for the wrong skill, matching the clear-niche score 3 anchor rather than the overlapping score 2.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

skill_md_line_count

SKILL.md is long (532 lines); consider splitting into references/ and linking

Warning

Total

15

/

16

Passed

Repository
snyk/studio-recipes
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.