Hunt for exploitable, bounty-worthy security issues in repositories. Focuses on remotely reachable vulnerabilities that qualify for real reports instead of noisy local-only findings.
76%
Does it follow best practices?
Impact: Pending (no eval scenarios have been run)
Quality: Passed (no known issues)
Discovery
57%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description establishes a clear and distinctive niche around bug-bounty-style security vulnerability hunting, which differentiates it well from generic security or code review skills. However, it lacks an explicit 'Use when...' clause and could benefit from more specific concrete actions and natural trigger terms that users would employ when requesting security analysis.
Suggestions
Add an explicit 'Use when...' clause with trigger terms like 'bug bounty', 'security audit', 'pentest', 'find vulnerabilities', 'security review', 'OWASP'.
List more specific concrete actions such as 'analyze authentication flows, check for injection flaws, review input validation, identify SSRF/IDOR patterns, assess API security'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security/vulnerability hunting) and describes the focus area (remotely reachable, bounty-worthy vulnerabilities), but doesn't list specific concrete actions like 'analyze input validation, check authentication flows, test for injection flaws'. | 2 / 3 |
| Completeness | The 'what' is reasonably covered (hunt for exploitable security issues in repos), but there is no explicit 'Use when...' clause or equivalent trigger guidance, which caps this at 2 per the rubric guidelines. | 2 / 3 |
| Trigger Term Quality | Includes some relevant terms like 'security issues', 'bounty-worthy', 'vulnerabilities', and 'repositories', but misses common user phrases like 'bug bounty', 'pentest', 'security audit', 'code review for security', 'CVE', 'OWASP'. | 2 / 3 |
| Distinctiveness / Conflict Risk | The description carves out a clear niche: bounty-worthy, remotely reachable vulnerabilities in repositories. The distinction from generic code review or local-only security scanning is explicitly stated, making it unlikely to conflict with general code analysis skills. | 3 / 3 |
| Total | | 9 / 12 (Passed) |
Implementation
85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, focused skill that efficiently communicates what to look for, what to skip, and how to structure the workflow and output. Its main weakness is that the actionability could be stronger with more concrete code examples showing how to trace attack paths or verify exploitability beyond the single semgrep command. Overall it's a strong skill that respects Claude's intelligence while providing genuinely useful, non-obvious guidance.
Suggestions
Add 1-2 concrete code examples showing how to trace a user-controlled input to a dangerous sink (e.g., a Python snippet grepping for route handlers that pass request params to subprocess or URL fetchers).
Include a small worked example of a real triage decision: show a semgrep finding, the code path analysis, and the accept/reject reasoning.
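As an added illustration of the two suggestions above (this is example code written for this review, not code from the reviewed skill): a source-to-sink tracer built on Python's standard-library `ast` module. It finds Flask-style route handlers, propagates taint from `request.args`/`form`/`json` and similar attributes through simple assignments, and reports calls to a small, assumed list of command-execution and HTTP-client sinks. The sink table, the request attributes treated as sources, and the `SAMPLE_APP` at the bottom are all assumptions constructed for the demo; the sample contains one SSRF, one command injection, one handler with a fixed target, and one helper with no route decorator, which is exactly the accept/reject split a bounty triage loop has to make.

```python
"""Added example (not the reviewed skill's code): trace Flask request data to
dangerous sinks with the stdlib ``ast`` module. The sink list and taint rules
are deliberately small and are assumptions for illustration, not a full model."""
import ast

# Sinks a bounty triager cares about: remote command execution and SSRF.
SINKS = {
    "subprocess.run": "command injection",
    "subprocess.Popen": "command injection",
    "subprocess.call": "command injection",
    "subprocess.check_output": "command injection",
    "os.system": "command injection",
    "os.popen": "command injection",
    "requests.get": "SSRF",
    "requests.post": "SSRF",
    "urllib.request.urlopen": "SSRF",
}
# Attributes of flask.request that carry attacker-controlled data (assumed set).
REQUEST_SOURCES = {"args", "form", "json", "values", "data", "headers", "cookies"}


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def is_route_handler(func):
    """True if the function carries a decorator call whose name ends in '.route'."""
    return any(
        isinstance(d, ast.Call) and (dotted_name(d.func) or "").endswith(".route")
        for d in func.decorator_list
    )


def reads_request(expr, tainted):
    """True if the expression touches request.<source> or a tainted local name."""
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
        if (isinstance(sub, ast.Attribute) and isinstance(sub.value, ast.Name)
                and sub.value.id == "request" and sub.attr in REQUEST_SOURCES):
            return True
    return False


def _visit(node, handler, tainted, findings):
    """Source-order walk: propagate taint through assignments, flag tainted sink calls."""
    if isinstance(node, ast.Assign) and reads_request(node.value, tainted):
        for target in node.targets:
            if isinstance(target, ast.Name):
                tainted.add(target.id)
    elif isinstance(node, ast.Call):
        name = dotted_name(node.func)
        actuals = node.args + [kw.value for kw in node.keywords]
        if name in SINKS and any(reads_request(a, tainted) for a in actuals):
            findings.append({"handler": handler, "line": node.lineno,
                             "sink": name, "issue": SINKS[name]})
    for child in ast.iter_child_nodes(node):
        _visit(child, handler, tainted, findings)


def find_request_to_sink(source):
    """Return a finding for every route handler in `source` where request data reaches a sink."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if isinstance(func, ast.FunctionDef) and is_route_handler(func):
            # Path parameters (/user/<name>) arrive as handler arguments; treat them as tainted too.
            tainted = {a.arg for a in func.args.args}
            for stmt in func.body:
                _visit(stmt, func.name, tainted, findings)
    return findings


# Constructed sample application for the demo; not taken from any real project.
SAMPLE_APP = '''
import subprocess, requests
from flask import Flask, request
app = Flask(__name__)

@app.route("/fetch")
def fetch():
    return requests.get(request.args["url"]).text        # SSRF: URL straight from the query string

@app.route("/ping")
def ping():
    host = request.form.get("host", "127.0.0.1")
    cmd = "ping -c 1 " + host                              # taint survives two assignments
    return subprocess.check_output(cmd, shell=True)

@app.route("/health")
def health():
    return requests.get("http://localhost:8080/healthz").text   # fixed target: reject

def helper(path):
    return subprocess.run(["cat", path])                   # no route decorator: not remotely reachable
'''

if __name__ == "__main__":
    for f in find_request_to_sink(SAMPLE_APP):
        print(f"{f['handler']}:{f['line']} {f['sink']} -> {f['issue']}")
```

Run stand-alone, it reports the `fetch` and `ping` handlers and nothing for `health` or `helper`, which is the accept/reject reasoning the triage loop should record: a sink is only reportable when a remote caller controls its input. Two caveats a triager still has to resolve by reading the code: a list argument to `subprocess.run` without `shell=True` is flagged here but is argument injection rather than command injection, and the tracer does not follow taint across function calls, so a handler that passes `request.args` into a helper needs manual tracing.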
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Every section earns its place. The tables are dense and informative, the skip list prevents wasted effort, and there's no explanation of concepts Claude already knows. No padding or unnecessary context. | 3 / 3 |
| Actionability | The workflow steps are clear and the report template is useful, but guidance is mostly directional rather than executable. The semgrep command is the only concrete command; the triage loop and code-reading steps lack specific techniques or code examples for tracing user input to sinks. | 2 / 3 |
| Workflow Clarity | The 7-step workflow is clearly sequenced from scope check through duplicate check. The quality gate serves as an explicit validation checkpoint before submission, and the triage loop includes a filter-then-verify feedback pattern. Steps are logically ordered with clear decision points. | 3 / 3 |
| Progressive Disclosure | For a skill of this size and scope, the content is well-organized into clearly labeled sections (in-scope patterns, skip list, workflow, report structure, quality gate) without being monolithic. No external references are needed given the self-contained nature of the guidance. | 3 / 3 |
| Total | | 11 / 12 (Passed) |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 (Passed) |