Poor
3 critical
11 warnings
11 suggestions
84 passed
Domain scores
Anti-Slop
100
Accessibility
100
Enterprise
100
Issues
Critical (3)
7.2-injection-riskline 123
Potential injection risk: unescaped variable in shell
Fix: Sanitize inputs and use parameterized commands
7.2-injection-riskline 124
Potential injection risk: unescaped variable in shell
Fix: Sanitize inputs and use parameterized commands
7.2-injection-riskline 125
Potential injection risk: unescaped variable in shell
Fix: Sanitize inputs and use parameterized commands
Warnings (11)
16.2-no-guardrailsline 25
Skill uses Bash or destructive operations without safety guardrails
Fix: Add guardrails: specify forbidden commands, require confirmation for destructive actions, or use --dry-run patterns
19.2-reviewer-no-criterialine 25
Reviewer pattern detected but no evaluation criteria documented
Fix: Add a criteria section (checklist, rubric, or pass/fail conditions)
19.5-pipeline-no-stagesline 25
Pipeline pattern detected but no stage documentation found
Fix: Document the pipeline stages, checkpoints, and data flow between stages
4.5-desc-no-triggersline 2
Description lacks triggering conditions
Fix: Add phrases like 'Use when...', 'Triggers on...', or 'Applies to...' to help Claude select this skill
4.7-desc-workflow-stepsline 2
Description contains workflow sequential step ('then '): Claude may treat description as complete instruction and skip SKILL.md body
Fix: Move workflow steps to the SKILL.md body. Description should only contain activation triggers (when to use, what it does)
1.2-desc-whatline 3
Description missing WHAT clause (action verb) - recommended by agentskills spec
Fix: Consider starting with what the skill does, e.g., 'Creates...', 'Generates...', 'Validates...'
1.2-desc-whenline 3
Description missing WHEN clause - recommended by agentskills spec
Fix: Consider adding 'Use when...' or 'Activate when...' to description
1.3-tools-unknownline 5
Unknown tool 'TeamCreate' in allowed-tools
Fix: Use known tools: Read, Write, Edit, Bash, Glob, Grep, etc.
1.3-tools-unknownline 5
Unknown tool 'SendMessage' in allowed-tools
Fix: Use known tools: Read, Write, Edit, Bash, Glob, Grep, etc.
12.3-workflow-vague-stepline 177
Step is too brief to be actionable: "..."
Fix: Add specific details: what, where, and how
12.3-workflow-vague-stepline 178
Step is too brief to be actionable: "..."
Fix: Add specific details: what, where, and how
Suggestions (11)
16.3-no-rollbackline 25
State-modifying skill lacks rollback or recovery guidance
Fix: Add rollback instructions: how to undo changes if something goes wrong (e.g., git revert, backup/restore steps)
16.4-no-idempotencyline 25
Skill does not document whether it is safe to re-run
Fix: Add idempotency guidance: state whether running the skill twice produces the same result or causes side effects
17.1-no-input-contractline 25
No input contract found; unclear what data the skill expects
Fix: Document what the skill expects as input (format, required fields, constraints)
17.2-no-output-contractline 25
No output contract found; unclear what the skill produces
Fix: Document what the skill produces (format, structure, side effects)
17.3-no-mode-awarenessline 25
Skill does not clarify standalone vs composed behavior
Fix: Clarify whether the skill works standalone, in pipelines, or both
14.2-no-examplesline 1
No input/output examples found
Fix: Add example input/output pairs or <example> blocks to make the skill testable
3.4-gerund-namingline 2
Skill name could use gerund form for clarity
Fix: Consider gerund-style names like 'processing-pdfs' or 'analyzing-logs' (per best practices)
18.1-no-confidence-signalline 1
No confidence signal found for orchestrator decision-making
Fix: Add confidence indicators (e.g., confidence: high/medium/low) so orchestrators can route or retry
18.3-no-structured-outputline 1
No structured output format defined for machine consumption
Fix: Define a structured output format (JSON, YAML, or table) so downstream tools can parse results
4.2-ambiguous-termline 32
Ambiguous term 'good' found
Fix: Replace with specific, measurable criteria
4.2-ambiguous-termline 189
Ambiguous term 'appropriate' found
Fix: Replace with specific, measurable criteria
OWASP Agentic (Cat 26)
Agent surface detected — declares tool beyond Read/Glob/Grep: Bash; declares tool beyond Read/Glob/Grep: Skill; declares tool beyond Read/Glob/Grep: Agent; declares tool beyond Read/Glob/Grep: TeamCreate; declares tool beyond Read/Glob/Grep: SendMessage; declares tool beyond Read/Glob/Grep: AskUserQuestion; declares tool beyond Read/Glob/Grep: TaskCreate; declares tool beyond Read/Glob/Grep: TaskUpdate; declares tool beyond Read/Glob/Grep: TaskList; declares tool beyond Read/Glob/Grep: CronCreate; declares tool beyond Read/Glob/Grep: CronList; declares tool beyond Read/Glob/Grep: WebFetch; ingests external content; orchestrates subagents; performs consequential actions
2 warning
1 suggestion
-
26.02-ASI02-unconstrained-bash
warning
Bash is granted with no constraint note (which commands, why)
Fix: document which Bash commands the skill runs and why, or narrow the grant
-
26.02-ASI02-over-grant
suggestion
15 tools declared with no per-tool rationale
Fix: add a one-line rationale per tool, or trim the set to the minimum the task needs
-
26.11-ASI11-no-audit
warning
skill performs consequential actions with zero logging/audit language
Fix: document a logging/audit/provenance step (correlation id, structured log, handoff) for consequential actions
ASI-01: passASI-02: failASI-03: skippedASI-04: skippedASI-05: skippedASI-06: skippedASI-07: passASI-08: skippedASI-09: skippedASI-10: skippedASI-11: fail
Badges
skillcheck
✕ passed
skillcheck
antislop 100
skillcheck
WCAG AA
skillcheck
WCAG AAA
skillcheck
enterprise