security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
Install with Tessl CLI
npx tessl i github:ysyecust/everything-claude-code --skill security-review94
Quality
79%
Does it follow best practices?
Impact
97%
1.07xAverage score across 9 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./docs/zh-TW/skills/security-review/SKILL.mdDiscovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has strong trigger term coverage and completeness with an explicit 'Use when' clause listing multiple scenarios. However, it lacks specificity about concrete actions (what security patterns? what does the checklist cover?) and could potentially conflict with other development-focused skills. The description would benefit from more specific capability statements.
Suggestions
Replace 'Provides comprehensive security checklist and patterns' with specific actions like 'Validates input sanitization, implements CSRF protection, reviews authentication flows, audits secret handling'
Add distinguishing terms to reduce conflict risk, such as 'security review', 'vulnerability check', 'secure coding' to differentiate from general API or auth skills
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (security) and lists several areas (authentication, user input, secrets, API endpoints, payment features), but lacks concrete actions - 'Provides comprehensive security checklist and patterns' is vague about what specific actions are performed. | 2 / 3 |
Completeness | Explicitly answers both what ('Provides comprehensive security checklist and patterns') and when ('Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features'). | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'authentication', 'user input', 'secrets', 'API endpoints', 'payment', 'sensitive features'. These are terms developers naturally use when discussing security concerns. | 3 / 3 |
Distinctiveness Conflict Risk | While security-focused, terms like 'API endpoints' and 'authentication' could overlap with general API development or auth-specific skills. The security niche is clear but boundaries with adjacent skills could blur. | 2 / 3 |
Total | 10 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable security skill with excellent concrete examples showing both anti-patterns and correct implementations. The comprehensive checklists and executable code make it highly practical. However, the document is lengthy and could benefit from better progressive disclosure by moving detailed examples to separate files, and some content is slightly redundant.
Suggestions
Consider splitting detailed code examples for each security domain (auth, XSS, CSRF, etc.) into separate reference files, keeping SKILL.md as a concise overview with links
Remove the duplicate deployment checklist items that already appear in each section's verification steps to reduce redundancy
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is comprehensive but includes some redundant explanations and could be more concise. The checklist items are repeated in multiple places (inline and at the end), and some sections like the intro could be trimmed. | 2 / 3 |
Actionability | Excellent actionability with fully executable TypeScript/SQL code examples throughout. Each security concern has concrete ❌ bad and ✅ good patterns that are copy-paste ready, plus specific validation checklists. | 3 / 3 |
Workflow Clarity | Clear structure with numbered sections, explicit validation checklists after each topic, and a comprehensive pre-deployment checklist. The workflow for security review is well-sequenced with clear checkpoints. | 3 / 3 |
Progressive Disclosure | Content is well-organized with clear sections, but the file is quite long (~400 lines) and could benefit from splitting detailed examples into separate reference files. External resources are linked at the end but inline content could be better distributed. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.