Agent skill

skill-tester

This skill should be used whenever the user wants to test a skill's behavior, analyze how it uses the Claude API, inspect inputs/outputs from scripts, or run security and code review audits against skill scripts. Even for casual phrases like "test my skill", "analyze this skill", "audit skill scripts", "review skill for security issues", "what does this skill actually do when it runs", "inspect API calls from skill", "run a skill through its paces", "check my skill for bugs or vulnerabilities". Also trigger when the user shows you a SKILL.md and asks you to evaluate, critique, or stress-test it.

Stars 6
Forks 0

Install this agent skill to your Project

npx add-skill https://github.com/ddunnock/claude-plugins/tree/main/skills/skill-tester

SKILL.md

Skill Tester & Analyzer

A meta-skill for deeply testing and auditing other Claude skills. It instruments test runs to capture raw API call traces, records all script stdin/stdout/stderr with timing, and runs deterministic security scans followed by dedicated security and code review subagents against any scripts embedded in the skill.


Session Directory Layout

<report_root>/<skill_name>_<YYYYMMDD_HHMMSS>/
├── manifest.json          # Validation results and session metadata (created by setup_test_env.py)
├── sandbox/               # Isolated workspace for script execution
├── inventory.json         # Skill structure scan
├── scan_results.json      # Deterministic security findings (B9 — runs first)
├── prompt_lint.json       # Deterministic prompt quality findings (B11 — runs first)
├── prompt_review.json     # AI prompt quality analysis (receives prompt_lint as input)
├── api_log.jsonl          # All Claude API calls (one JSON object per line)
├── script_runs.jsonl      # All script executions with I/O
├── security_report.json   # AI security analysis (receives scan_results as input)
├── code_review.json       # Code quality review
├── session_report.html    # Claude Code session trace (API calls, tool use, conversation)
└── report.html            # Unified interactive HTML report

Modes

Mode Description Phases Run Command
Full (default) Complete analysis: scan → prompt-lint → test → security → review → report All (2-9) /st:run
Audit Static analysis only, no test execution 2-4, 6-7, 9 /st:audit
Trace Runtime capture only, no security/code review 2, 5, 8, 9 /st:trace
Report Re-generate HTML from existing session data 9 only /st:report

Commands

Command Mode Phases Purpose
/st:init All 1 Set up session: target, mode, prompts, report location
/st:run Full 2-9 Execute all analysis phases
/st:audit Audit 2-4, 6-7, 9 Static analysis only
/st:trace Trace 2, 5, 8, 9 Runtime capture only
/st:report Report 9 Regenerate HTML from session data
/st:status N/A Show session state
/st:resume Any Variable Resume interrupted session




Interpreting Results

Security Severity Levels

Level Meaning Action
CRITICAL Active exploit risk (e.g., shell injection, RCE, hardcoded production key) Block — do not use skill; fix immediately
HIGH Likely data exposure or privilege escalation Fix before production
MEDIUM Defense-in-depth gap; not immediately exploitable Fix in next iteration
LOW Style/practice issue with minor security implications Note in report
INFO Observation, no risk Informational only

Code Quality Score (0–10)

Range Interpretation
9–10 Production-ready
7–8 Minor improvements needed
5–6 Significant gaps — refactoring advised
< 5 Major issues — rework required

Expand your agent's capabilities with these related and highly-rated skills.

ddunnock/claude-plugins

streaming-output

Stream long-form content to markdown files with resume capability. Writes content incrementally with section markers, enabling recovery if context limits are hit. Use when generating long documents (over 1000 lines), B-SPEC or specification writing, multi-section reports, any task where context compaction may occur mid-generation, or when user explicitly requests streaming output. Commands: init, write, status, resume, finalize, repair.

6 0
Explore
ddunnock/claude-plugins

fishbone-diagram

Create comprehensive Fishbone (Ishikawa/Cause-and-Effect) diagrams for structured root cause brainstorming. Guides teams through problem definition, category selection (6Ms, 8Ps, 4Ss, or custom), cause identification, sub-cause drilling, prioritization via multi-voting, and 5 Whys integration. Generates visual SVG diagrams and professional HTML reports. Use when brainstorming potential causes, conducting root cause analysis, facilitating quality improvement sessions, analyzing defects or failures, structuring team problem-solving, or when user mentions "fishbone", "Ishikawa", "cause and effect diagram", "6Ms", "cause analysis", or "brainstorming causes".

6 0
Explore
ddunnock/claude-plugins

streaming-output-mcp

Stream structured content to persistent SQLite storage with automatic session break recovery. Core principle: The content IS the state. Every stream_write is automatically persistent. Supports multi-format export (Markdown, HTML, JSON, YAML, CSV, Text) and 7 document templates. Commands: /stream-init, /stream-status, /stream-read, /stream-write, /stream-export. ALWAYS call stream_status after session breaks to check for resume_from and preserved_context.

6 0
Explore
ddunnock/claude-plugins

fmea-analysis

Conduct Failure Mode and Effects Analysis (FMEA) for systematic identification and risk assessment of potential failures in designs, processes, or systems. Supports DFMEA (Design), PFMEA (Process), and FMEA-MSR (Monitoring & System Response). Uses AIAG-VDA 7-step methodology with Action Priority (AP) risk assessment replacing traditional RPN. Use when analyzing product designs for potential failures, evaluating manufacturing process risks, conducting proactive risk assessment, preparing for APQP/PPAP submissions, investigating field failures, or when user mentions "FMEA", "failure mode", "DFMEA", "PFMEA", "severity occurrence detection", "RPN", "Action Priority", "design risk analysis", or needs to identify and prioritize potential failure modes with their causes and effects.

6 0
Explore
ddunnock/claude-plugins

problem-definition

Guide RCCA/8D problem definition using 5W2H and IS/IS NOT analysis. Transforms scattered failure data into precise, measurable problem statements that bound investigation scope without embedding cause or solution. Use when defining problems for root cause analysis, writing D2 sections of 8D reports, analyzing nonconformances, investigating failures, or when user mentions problem definition, problem statement, RCCA, 8D, failure analysis, or corrective action.

6 0
Explore
ddunnock/claude-plugins

kepner-tregoe-analysis

Conduct Kepner-Tregoe (KT) Problem Solving and Decision Making (PSDM) analysis using the four rational processes - Situation Appraisal, Problem Analysis, Decision Analysis, and Potential Problem Analysis. Use when performing structured root cause analysis, making complex decisions, evaluating alternatives with weighted criteria, conducting IS/IS NOT specification analysis, anticipating implementation risks, troubleshooting complex issues, or when user mentions "Kepner-Tregoe", "KT method", "IS/IS NOT", "situation appraisal", "decision analysis", "MUSTS and WANTS", "potential problem analysis", or needs systematic problem-solving methodology. Includes specification matrices, decision scoring, quality rubrics, and professional report generation.

6 0
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results