A real boost on standard / older models (+33.3); today's top models already have this built in.
Today's top models
This tier already does it — no lift to add · e.g. Claude 4 · GPT-4-class · DeepSeek-V3
100% without → 100% with · measured on deepseek-chat (4×5)
Standard / older models
Clearly better with it (+33.3 pts) · e.g. MiniMax-Text-01 · smaller open models
0% without → 33% with · measured on MiniMax-Text-01 (4×6)
How: we install the skill into a real model, run the same tasks with it vs without, and compare — labeled with the exact model + sample size above.
What it claims to do
|- Reference for the Claude API / Anthropic SDK — model ids, pricing, params, streaming, tool use, MCP, agents, caching, token counting, model migration. TRIGGER — read BEFORE opening the target file; don't skip because it "looks like a one…
What we found · 8
Description doesn’t say WHEN to use itmediumA good description names the trigger (e.g. "when reviewing a PR"). Without it the skill mis-fires or never fires.
Trigger is too broadmediumWords like "whenever", "any", "all" make it fire everywhere and fight other skills for the same task — the #1 cause of conflicts.
Bloated: high token costmedium~18,325 tokens on every single call. Compress instructions and trim examples.
References API keys / env configmediumReads an API key or env var — normal for API clients. Ensure keys come from the runtime (not hardcoded); a leak risk only if sent to an untrusted endpoint.
Contains curl / wget network commandmediumAccesses the network from the shell. If the target is untrusted it can pull malware or exfiltrate data.
Reads credentials and makes network calls — verify the destinationmediumThe normal shape of an API client (your key → the API). Static analysis sees the capability, not the intent — confirm the endpoint is one you trust; it is a data-leak risk only if it is not.
Description too longlowThe description is read on every trigger check; overly long ones waste tokens and dilute the signal.
Repeated contentlow~2 duplicate lines detected; de-duping is free token savings.
Conflicts with · 8
xlsx
shadow
read, open, file
cloudflare-email-service
shadow
api, sdk, agent
pdf
shadow
read, one
pptx
shadow
read, file
brand-guidelines
shadow
anthropic
docx
shadow
read
internal-comms
shadow
claude
mcp-builder
overlap
api, model, tool, mcp
If you have both installed, they compete for the same triggers — the top cause of an agent picking the wrong skill.
Have you installed claude-api? Scan everything you run.
One command grades every skill in your Claude Code / Codex — safety, token bloat, and conflicts, 100% locally.
Does this rating match your experience with claude-api?
Anonymous & aggregate. We watch these as a trend and re-check flagged skills — a single click never moves a grade on its own.
Independent static analysis by SkillMOO — the Consumer Reports for agent skills. Safety, token, and conflict grades are computed, not opinions. Efficacy is only ever claimed when measured. We rate & link to the source; we do not rehost skill content.