Name: tdg-personal/perl-security
Rating: 61.6 (1 reviews)
Author: tdg-personal

tdg-personal/perl-security

Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web security (XSS/SQLi/CSRF), and perlcritic security policies.

Quality

77%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong, highly actionable Perl security reference with excellent executable code examples covering a wide range of security concerns. Its main weaknesses are its monolithic length without progressive disclosure to separate files, and the lack of a clear sequential workflow with validation checkpoints for performing a security review or hardening process. Minor verbosity in introductory/closing text could be trimmed.

Suggestions

Add a clear sequential workflow section (e.g., 'Security Review Process: 1. Enable taint mode → 2. Run perlcritic → 3. Fix findings → 4. Re-run until clean → 5. Manual review of checklist items') with explicit validation gates.

Split detailed sections (Web Security, DBI patterns, Safe File Operations) into separate referenced files and keep SKILL.md as a concise overview with links, reducing the monolithic ~350-line document.

Remove the 'How It Works' paragraph and the closing 'Remember' paragraph — both restate what the code examples already demonstrate and add no new information.

Dimension	Reasoning	Score
Conciseness	The skill is fairly comprehensive but includes some unnecessary verbosity, such as the 'How It Works' paragraph that restates what the sections already demonstrate, the 'Remember' closing paragraph that summarizes what's already covered, and occasional comments that explain obvious things. However, most content is substantive and code-heavy, which is good.	2 / 3
Actionability	Excellent actionability throughout — nearly every section includes fully executable Perl code examples with both good and bad patterns clearly labeled. The code is copy-paste ready with proper use statements, function signatures, and error handling. The perlcritic configuration and bash commands are also directly usable.	3 / 3
Workflow Clarity	The skill covers many security domains but doesn't present a clear sequential workflow with validation checkpoints. The checklist at the end is helpful but is a static reference rather than a step-by-step process. For a security review workflow, there's no explicit 'run perlcritic first, then check X, then validate Y' sequence with feedback loops for remediation.	2 / 3
Progressive Disclosure	The content is well-organized with clear section headers and a useful summary table, but it's a monolithic document (~350 lines) that could benefit from splitting detailed sections (e.g., web security, DBI patterns) into separate referenced files. There are no cross-references to external files for deeper dives on any topic.	2 / 3
	Total	9 / 12 Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description with excellent specificity and domain-relevant trigger terms that clearly carve out a distinct niche for Perl security. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill over others. The description uses proper third-person voice and avoids vague language.

Suggestions

Add a 'Use when...' clause such as 'Use when the user asks about Perl security, sanitizing Perl input, preventing injection attacks in Perl, or running perlcritic security audits.'

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions and topics: taint mode, input validation, safe process execution, DBI parameterized queries, XSS/SQLi/CSRF prevention, and perlcritic security policies. These are all concrete, well-defined capabilities.	3 / 3
Completeness	Clearly answers 'what does this do' with comprehensive coverage of Perl security topics, but lacks an explicit 'Use when...' clause or equivalent trigger guidance, which per the rubric caps completeness at 2.	2 / 3
Trigger Term Quality	Includes strong natural keywords users would search for: 'taint mode', 'input validation', 'DBI parameterized queries', 'XSS', 'SQLi', 'CSRF', 'perlcritic', 'Perl security'. These are terms developers naturally use when seeking help with Perl security topics.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive due to the Perl-specific focus combined with security domain. Terms like 'taint mode', 'perlcritic', and 'DBI parameterized queries' are uniquely Perl-related and unlikely to conflict with general security or other language security skills.	3 / 3
	Total	11 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 9 / 11 Passed

Validation for skill structure

Criteria	Description	Result
skill_md_line_count	SKILL.md is long (504 lines); consider splitting into references/ and linking	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	9 / 11 Passed

Reviewed

2 months ago

Table of Contents

Discovery Implementation Validation