Skip to content

Add skill-quality-analyzer and skill-security-analyzer to marketplace #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add skill-quality-analyzer and skill-security-analyzer to marketplace #83

wants to merge 1 commit into from
+5,090 −1

Conversation

@eovidiu
Copy link

@eovidiu eovidiu commented Nov 6, 2025

Summary

This PR adds two new meta skills to the example-skills collection in the marketplace:

1. skill-quality-analyzer

Comprehensive quality analysis tool for Claude Skills that evaluates across five dimensions:

  • Structure & Documentation (20%) - SKILL.md quality, examples, resources
  • Security (30%) - Uses skill-security-analyzer for automated vulnerability detection
  • User Experience (20%) - Clarity, trigger phrases, workflow documentation
  • Code Quality (15%) - Organization, maintainability, scripts
  • Integration & Tools (15%) - Tool usage, MCP integration, efficiency

Features:

  • Three output modes: Comprehensive Report, Interactive Review, Pass/Fail Certification
  • Balanced scoring system with letter grades (A-F)
  • Actionable recommendations with impact/effort analysis
  • Integration with skill-security-analyzer for automated security checks

2. skill-security-analyzer

Security scanner for Claude Code skills detecting 40+ malicious patterns:

  • Command injection (os.system, eval, exec)
  • Indirect execution (getattr, import)
  • Advanced encoding (ROT13, zlib, XOR, AST)
  • YAML injection (!!python/object/apply)
  • Shell injection (bash -c, python -c)
  • Typosquatting detection (Levenshtein distance)
  • Time bombs, environment manipulation, sandbox escapes
  • Credential theft, data exfiltration

Features:

  • 100% detection rate on test suite of 11 malicious samples
  • Risk ratings: CRITICAL/HIGH/MEDIUM/LOW/SAFE
  • JSON output format for CI/CD integration
  • Comprehensive test suite with malicious samples
  • Pluggable signature database

Changes

  • ✅ Added both skills to .claude-plugin/marketplace.json in example-skills plugin
  • ✅ Updated README.md Meta Skills section with descriptions
  • ✅ Included all skill files, references, scripts, and test samples (25 files total)

Testing

Both skills have been tested locally:

  • skill-quality-analyzer: Evaluated multiple skills across all five dimensions
  • skill-security-analyzer: Achieved 100% detection rate on 11 malicious test samples

Use Cases

skill-quality-analyzer:

  • Evaluating skills before installation
  • Reviewing skills for best practices adherence
  • Certifying skills meet quality standards
  • Comparing multiple skills for quality

skill-security-analyzer:

  • Analyzing skills for security vulnerabilities before installation
  • Auditing existing skills for malicious code
  • CI/CD integration for automated security checks
  • Educational purposes for understanding skill security

These meta skills complement the existing skill-creator by providing quality assurance and security validation for the Claude Skills ecosystem.

@oeftimie
Add skill-quality-analyzer and skill-security-analyzer to marketplace
ceb47a2 
This commit adds two new meta skills to the example-skills collection:

- skill-quality-analyzer: Comprehensive quality analysis tool that evaluates
  Claude Skills across five dimensions (structure, security, UX, code quality,
  and integration) with three output modes (comprehensive report, interactive
  review, pass/fail certification)

- skill-security-analyzer: Security scanner detecting 40+ malicious patterns
  including command injection, obfuscation, YAML injection, typosquatting,
  time bombs, and sandbox escapes. Includes test suite with 11 malicious
  samples achieving 100% detection rate.

Changes:
- Added both skills to .claude-plugin/marketplace.json in example-skills plugin
- Updated README.md Meta Skills section with descriptions
- Included all skill files, references, scripts, and test samples
@tenequm
Copy link

tenequm commented Nov 6, 2025

@eovidiu why not just add the references from skill-quality-analyzer to the existing skill-creator skill to make it able to both create proper aligned with best practices skills and to verify existing skills too?

@eovidiu
Copy link
Author

eovidiu commented Nov 7, 2025

@eovidiu why not just add the references from skill-quality-analyzer to the existing skill-creator skill to make it able to both create proper aligned with best practices skills and to verify existing skills too?

skill-analyzer does a comprehensive report or an run interactively to analyze a skill just created or one from an unknown market. Doens't really fit being packed with the skill-creator

Screenshot 2025-11-07 at 22 56 17

foreveryh pushed a commit to foreveryh/claude-skills-tutorial that referenced this pull request Nov 23, 2025
@claude
feat: add skill-quality-analyzer and skill-security-analyzer articles
36471d8 
Added comprehensive analysis articles for two meta-skills from PR #83:

1. skill-quality-analyzer-deep-dive.mdx (~20,000 words)
   - 5 evaluation dimensions with weighted scoring
   - 3 output modes: comprehensive, interactive, certification
   - 8-step analysis workflow
   - Integration with skill-security-analyzer
   - Download links from GitHub PR #83

2. skill-security-analyzer-deep-dive.mdx (~25,000 words)
   - 40+ malicious pattern detection
   - 6-phase analysis workflow
   - 100% detection rate on test suite
   - CRITICAL/HIGH/MEDIUM/LOW severity classification
   - Risk-based recommendations (REJECT/REVIEW/APPROVE)
   - Download links from GitHub PR #83

Both articles include:
- Complete installation instructions
- Detailed technical explanations
- Usage examples and best practices
- Integration guidance
- Troubleshooting sections

Source: anthropics/skills#83
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@eovidiu @tenequm @oeftimie