Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web security (XSS/SQLi/CSRF), and perlcritic security policies.
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and domain-relevant trigger terms that clearly carve out a distinct niche for Perl security. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill over others. The description uses proper third-person voice and avoids vague language.
Suggestions
Add a 'Use when...' clause such as 'Use when the user asks about Perl security, sanitizing Perl input, preventing injection attacks in Perl, or running perlcritic security audits.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and topics: taint mode, input validation, safe process execution, DBI parameterized queries, XSS/SQLi/CSRF prevention, and perlcritic security policies. These are all concrete, well-defined capabilities. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' with comprehensive coverage of Perl security topics, but lacks an explicit 'Use when...' clause or equivalent trigger guidance, which per the rubric caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would search for: 'taint mode', 'input validation', 'DBI parameterized queries', 'XSS', 'SQLi', 'CSRF', 'perlcritic', 'Perl security'. These are terms developers naturally use when seeking help with Perl security topics. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive due to the Perl-specific focus combined with security domain. Terms like 'taint mode', 'perlcritic', and 'DBI parameterized queries' are uniquely Perl-related and unlikely to conflict with general security or other language security skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable Perl security reference with excellent executable code examples covering a wide range of security concerns. Its main weaknesses are its monolithic length without progressive disclosure to separate files, and the lack of a clear sequential workflow with validation checkpoints for performing a security review or hardening process. Minor verbosity in introductory/closing text could be trimmed.
Suggestions
Add a clear sequential workflow section (e.g., 'Security Review Process: 1. Enable taint mode → 2. Run perlcritic → 3. Fix findings → 4. Re-run until clean → 5. Manual review of checklist items') with explicit validation gates.
Split detailed sections (Web Security, DBI patterns, Safe File Operations) into separate referenced files and keep SKILL.md as a concise overview with links, reducing the monolithic ~350-line document.
Remove the 'How It Works' paragraph and the closing 'Remember' paragraph — both restate what the code examples already demonstrate and add no new information.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is fairly comprehensive but includes some unnecessary verbosity, such as the 'How It Works' paragraph that restates what the sections already demonstrate, the 'Remember' closing paragraph that summarizes what's already covered, and occasional comments that explain obvious things. However, most content is substantive and code-heavy, which is good. | 2 / 3 |
| Actionability | Excellent actionability throughout — nearly every section includes fully executable Perl code examples with both good and bad patterns clearly labeled. The code is copy-paste ready with proper use statements, function signatures, and error handling. The perlcritic configuration and bash commands are also directly usable. | 3 / 3 |
| Workflow Clarity | The skill covers many security domains but doesn't present a clear sequential workflow with validation checkpoints. The checklist at the end is helpful but is a static reference rather than a step-by-step process. For a security review workflow, there's no explicit 'run perlcritic first, then check X, then validate Y' sequence with feedback loops for remediation. | 2 / 3 |
| Progressive Disclosure | The content is well-organized with clear section headers and a useful summary table, but it's a monolithic document (~350 lines) that could benefit from splitting detailed sections (e.g., web security, DBI patterns) into separate referenced files. There are no cross-references to external files for deeper dives on any topic. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (504 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |