Automated audit: This issue was generated by NLPM, a natural language programming linter, running via claude-code-action. Please evaluate the findings on their merits.
About this audit
NLPM (Natural Language Programming Manager) is an open-source linter for Claude Code plugin/skill repositories. It runs a 100-point quality scoring pass and a structural bug scan on NL artifacts (SKILL.md files, agent definitions, etc.). This audit sampled 100 of the 754 skills in this repository.
Overall score: 79/100 — a strong result. ~42% of sampled files scored ≥ 90, reflecting genuinely high-quality authorship. The bugs listed below are purely mechanical defects, not quality judgements.
Security: No security concerns. The offensive tooling wrappers (Metasploit, Sliver, Covenant, BloodHound) are contextually appropriate for a red-team/pentest skills repository and show no malicious patterns.
Bugs Found (7 total, all mechanical)
Category 1: Word-split tags (3 files)
Three SKILL.md files have tags: frontmatter that are words split from the skill filename rather than meaningful cybersecurity discovery terms. Tags like analyzing, block, with, and logs match unrelated content and provide no routing value for agents.
| # |
File |
Bad tags |
| 1 |
analyzing-powershell-script-block-logging/SKILL.md |
[analyzing, powershell, script, block] |
| 2 |
analyzing-azure-activity-logs-for-threats/SKILL.md |
[analyzing, azure, activity, logs] |
| 3 |
analyzing-memory-forensics-with-lime-and-volatility/SKILL.md |
[analyzing, memory, forensics, with] |
Fix: Replace with domain-specific tags (e.g., [powershell, script-block-logging, event-id-4104, obfuscation-detection, windows-forensics, endpoint-security]).
→ PR #44 fixes all three files.
Category 2: Stub files — prerequisites listed but no code present (4 files)
Four SKILL.md files list Python libraries in their Prerequisites section but contain only prose bullet steps with no actual code. This creates a contradiction: the skill claims to use boto3 / sslyze / msal / requests, but an agent following the skill has nothing concrete to implement.
| # |
File |
Listed prerequisites |
Problem |
| 4 |
performing-ssl-tls-security-assessment/SKILL.md |
sslyze |
4 prose bullets, no code, 1-line output |
| 5 |
detecting-aws-cloudtrail-anomalies/SKILL.md |
boto3 |
4 prose bullets, no code, 1-line output |
| 6 |
analyzing-office365-audit-logs-for-compromise/SKILL.md |
msal, requests |
7 prose bullets, no code, 2-line output |
| 7 |
performing-red-team-with-covenant/SKILL.md |
requests |
5 prose bullets, no API calls, 1-sentence output |
Fix: Add a complete Python workflow for each file, matching the high-quality template used in the 95-point skills in this repository.
→ PR #45 fixes performing-ssl-tls-security-assessment
→ PR #46 fixes detecting-aws-cloudtrail-anomalies
→ PR #47 fixes analyzing-office365-audit-logs-for-compromise
→ PR #48 fixes performing-red-team-with-covenant
PRs Submitted
| PR |
Files Changed |
Type |
| #44 |
3 SKILL.md files |
Tag fix |
| #45 |
performing-ssl-tls-security-assessment/SKILL.md |
Stub fix |
| #46 |
detecting-aws-cloudtrail-anomalies/SKILL.md |
Stub fix |
| #47 |
analyzing-office365-audit-logs-for-compromise/SKILL.md |
Stub fix |
| #48 |
performing-red-team-with-covenant/SKILL.md |
Stub fix |
What was NOT submitted
- Quality issues (generic "When to Use" boilerplate, missing Output Format sections, circular WTU text): These affect ~35% of sampled files but are content quality gaps, not mechanical defects. They would require individual authorial attention per skill and are not appropriate for automated PRs.
- Security findings: None warranted changes. The offensive tooling (Metasploit, Sliver, BloodHound wrappers) is appropriate for this repository's domain and shows no malicious patterns.
Thank you for maintaining this repository — the high-quality skills (42% of the sample) are genuinely excellent reference material for cybersecurity agents. Please feel free to close or modify any of the PRs that don't fit your standards or workflow.
About this audit
NLPM (Natural Language Programming Manager) is an open-source linter for Claude Code plugin/skill repositories. It runs a 100-point quality scoring pass and a structural bug scan on NL artifacts (SKILL.md files, agent definitions, etc.). This audit sampled 100 of the 754 skills in this repository.
Overall score: 79/100 — a strong result. ~42% of sampled files scored ≥ 90, reflecting genuinely high-quality authorship. The bugs listed below are purely mechanical defects, not quality judgements.
Security: No security concerns. The offensive tooling wrappers (Metasploit, Sliver, Covenant, BloodHound) are contextually appropriate for a red-team/pentest skills repository and show no malicious patterns.
Bugs Found (7 total, all mechanical)
Category 1: Word-split tags (3 files)
Three SKILL.md files have
tags:frontmatter that are words split from the skill filename rather than meaningful cybersecurity discovery terms. Tags likeanalyzing,block,with, andlogsmatch unrelated content and provide no routing value for agents.analyzing-powershell-script-block-logging/SKILL.md[analyzing, powershell, script, block]analyzing-azure-activity-logs-for-threats/SKILL.md[analyzing, azure, activity, logs]analyzing-memory-forensics-with-lime-and-volatility/SKILL.md[analyzing, memory, forensics, with]Fix: Replace with domain-specific tags (e.g.,
[powershell, script-block-logging, event-id-4104, obfuscation-detection, windows-forensics, endpoint-security]).→ PR #44 fixes all three files.
Category 2: Stub files — prerequisites listed but no code present (4 files)
Four SKILL.md files list Python libraries in their Prerequisites section but contain only prose bullet steps with no actual code. This creates a contradiction: the skill claims to use
boto3/sslyze/msal/requests, but an agent following the skill has nothing concrete to implement.performing-ssl-tls-security-assessment/SKILL.mdsslyzedetecting-aws-cloudtrail-anomalies/SKILL.mdboto3analyzing-office365-audit-logs-for-compromise/SKILL.mdmsal,requestsperforming-red-team-with-covenant/SKILL.mdrequestsFix: Add a complete Python workflow for each file, matching the high-quality template used in the 95-point skills in this repository.
→ PR #45 fixes
performing-ssl-tls-security-assessment→ PR #46 fixes
detecting-aws-cloudtrail-anomalies→ PR #47 fixes
analyzing-office365-audit-logs-for-compromise→ PR #48 fixes
performing-red-team-with-covenantPRs Submitted
performing-ssl-tls-security-assessment/SKILL.mddetecting-aws-cloudtrail-anomalies/SKILL.mdanalyzing-office365-audit-logs-for-compromise/SKILL.mdperforming-red-team-with-covenant/SKILL.mdWhat was NOT submitted
Thank you for maintaining this repository — the high-quality skills (42% of the sample) are genuinely excellent reference material for cybersecurity agents. Please feel free to close or modify any of the PRs that don't fit your standards or workflow.