
best-practices

Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities". Do NOT use for accessibility (use web-accessibility), SEO (use seo), performance (use core-web-vitals), or comprehensive multi-area audits (use web-quality-audit).

64

Quality

77%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./packages/skills-catalog/skills/(quality)/web-best-practices/SKILL.md

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a solid reference-style skill with excellent actionability through concrete code examples and clear ❌/✅ patterns. Its main weaknesses are length (could be more concise by trimming examples Claude can infer) and lack of a clear audit workflow with validation checkpoints. The checklist at the end partially compensates but doesn't describe a sequenced process.

Suggestions

Add a brief workflow section at the top describing the sequence for performing a best practices audit (e.g., 1. Check security headers, 2. Run npm audit, 3. Validate HTML, 4. Review for deprecated APIs) with explicit validation steps.

Trim verbose examples—e.g., the full HTML document examples for doctype/charset/viewport could be condensed since Claude understands HTML structure; focus only on the specific line that matters.

Consider splitting the detailed security headers and CSP sections into a separate reference file to reduce the main skill's token footprint.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is fairly comprehensive but includes some content Claude already knows (e.g., basic HTML structure, what semantic HTML is, how event delegation works). Several examples are more verbose than necessary—showing full HTML document structures for simple points like charset placement. However, it avoids lengthy prose explanations and relies mostly on code examples. | 2 / 3 |
| Actionability | The skill provides concrete, executable code examples throughout—HTML snippets, JavaScript patterns, shell commands, configuration examples, and HTTP headers. The ❌/✅ pattern makes it immediately clear what to do and what to avoid, and the code is copy-paste ready. | 3 / 3 |
| Workflow Clarity | The audit checklist at the end provides a clear sequence of checks, but there's no explicit workflow for performing a best practices audit (e.g., start here, validate this, then check that). The skill reads more as a reference catalog than a guided process. For a security audit or code quality review, there are no validation/feedback loops described. | 2 / 3 |
| Progressive Disclosure | The content is well-organized with clear section headers and a logical grouping, but it's quite long (~400 lines) and could benefit from splitting detailed sections (e.g., CSP configuration, security headers) into separate reference files. The references section at the bottom is minimal but appropriate. No bundle files exist to offload detail into. | 2 / 3 |
| Total | | 9 / 12 |

Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description with excellent completeness and distinctiveness. The explicit 'Use when' and 'Do NOT use' clauses with named alternative skills make it highly effective for skill selection. The main weakness is that the capability description stays at a category level rather than listing specific concrete actions the skill performs.

Suggestions

Add 2-3 specific concrete actions to improve specificity, e.g., 'Identifies XSS/CSRF vulnerabilities, updates deprecated APIs, enforces Content Security Policy headers, validates input sanitization.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description names the domain (web development) and mentions areas like security, compatibility, and code quality, but doesn't list specific concrete actions (e.g., 'sanitize inputs', 'update deprecated APIs', 'add CSP headers'). The actions remain at a category level rather than enumerating specific tasks. | 2 / 3 |
| Completeness | Clearly answers both 'what' (apply modern web development best practices for security, compatibility, and code quality) and 'when' (explicit 'Use when' clause with trigger phrases). Additionally includes explicit 'Do NOT use' guidance with alternatives, which strengthens the when/when-not clarity. | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms users would actually say: 'apply best practices', 'security audit', 'modernize code', 'code quality review', 'check for vulnerabilities'. These are realistic phrases a user would type. | 3 / 3 |
| Distinctiveness Conflict Risk | Excellent distinctiveness through explicit negative boundaries — it clearly delineates itself from web-accessibility, seo, core-web-vitals, and web-quality-audit skills, making conflict with related skills very unlikely. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (617 lines); consider splitting into references/ and linking | Warning |
| Total | | 10 / 11 |

Passed

Repository
tech-leads-club/agent-skills
Reviewed
