xD4O/gap-analysis
skills/gap-analysis/SKILL.md
MANDATORY validation. You MUST invoke this skill before presenting any design, plan, architecture decision, or significant recommendation as final. Runs 7 cognitive debiasing checks: inversion, second-order effects, MECE coverage, map vs territory, adversarial, simplicity, and reversibility. Do NOT present conclusions without running all 7 checks. Invoke after brainstorming produces a design, after a plan is drafted, before any irreversible action, or when asked to validate or review an approach.
$ install --global
skillsauthnpx skillsauth add xD4O/praxis gap-analysisInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 6:23 PM39.7s1 file scanned
SKILL.md
- name:
- gap-analysis
- description:
- >
- checks:
- inversion, second-order effects, MECE coverage, map vs territory, adversarial,
Gap Analysis Protocol
EXTREMELY_IMPORTANT: This is a MANDATORY protocol, not a suggestion. Follow every step. Do not skip steps. Do not combine steps. Do not summarize. Work through each gate in order.
You have produced a design, plan, or recommendation. Before presenting it as final, you MUST run all 7 checks below. Do not skip any. Report each result explicitly.
CHECK 1 — Inversion
Ask: "How would I guarantee this fails?"
List 3 specific failure modes. For each, verify your solution prevents it. If any failure mode is not prevented, flag it as an open risk.
CHECK 2 — Second-order consequences
Ask: "And then what?" three times.
- 1st order: [the immediate intended effect]
- 2nd order: [the effect of that effect — often unintended]
- 3rd order: [the cascading consequence — often counterintuitive]
If 2nd or 3rd order effects are negative, state whether they're acceptable or require design changes.
CHECK 3 — MECE coverage
Ask: "Have I covered the entire problem space with no gaps and no overlaps?"
List the dimensions you've addressed. Identify any dimension you haven't addressed. Gaps are where surprises live.
CHECK 4 — Map vs territory
Ask: "Where does my model diverge from reality?"
List 3 things you simplified, assumed, or ignored. For each, state the risk if reality differs from your model.
CHECK 5 — Adversarial
Ask: "How would a hostile actor exploit this? How would a careless user break this?"
Identify the weakest point. State whether it's acceptable or needs hardening.
CHECK 6 — Simplicity
Ask: "Is there a simpler solution I'm overlooking?"
If yes, state why you chose the more complex approach. The justification must be concrete, not "it might be needed later" (that's YAGNI violation).
CHECK 7 — Reversibility
Ask: "Is this decision reversible?"
- If YES (Type 2): Proceed. Note that it can be unwound if wrong.
- If NO (Type 1): Have you applied proportional rigor? Would you bet your job on this recommendation? If not, what additional verification is needed?
Output format
After completing all 7 checks, summarize:
GAP ANALYSIS COMPLETE
├── Inversion: [X/3 failure modes mitigated] [open risks if any]
├── Second-order: [acceptable / requires changes]
├── MECE: [complete / gap in: ___]
├── Map vs territory: [top risk: ___]
├── Adversarial: [weakest point: ___]
├── Simplicity: [simplest viable / justified complexity]
├── Reversibility: [Type 1 / Type 2]
└── Confidence: [HIGH / MEDIUM / LOW / INSUFFICIENT]
Rationalizations that skip checks:
- "This is straightforward" — straightforward things don't need gap analysis. Non-trivial things do. If you're running this skill, it's non-trivial.
- "The user is in a hurry" — a 2-minute check saves a 2-week failure.
- "I already considered this" — show your work. Implicit checks don't count. </HARD-GATE>
Superpowers handoff
After all 7 checks pass and the design is validated:
If Superpowers is installed → invoke Skill(superpowers:writing-plans) to create the
implementation plan. Pass the validated design and any issues flagged during gap analysis.
Do NOT write the plan inside PRAXIS. PRAXIS validated. Superpowers plans.
If Superpowers is NOT installed → proceed to implementation planning yourself.
Related Skills
xD4O/using-praxis
development
VerifiedTrustedCommunity
MANDATORY — HIGHEST PRIORITY SKILL. You MUST invoke this skill (praxis) BEFORE invoking superpowers:brainstorming or ANY other skill when the task is non-trivial. This skill classifies the problem, selects reasoning frameworks, and runs threat analysis BEFORE brainstorming begins. Do NOT invoke superpowers:brainstorming first. Do NOT respond directly. Do NOT ask clarifying questions on your own. Invoke praxis FIRST, complete its gates, THEN hand off to superpowers:brainstorming. Non-trivial means: system design, feature planning, architecture decisions, debugging, security-sensitive code, trade-off evaluation, code review, or refactoring. Trivial means: fix a typo, rename a variable, answer a factual question, run a command.
9SKILL.mdUpdated Apr 23, 2026
xD4O/strategic-reasoning
development
VerifiedTrustedCommunity
MANDATORY strategic analysis. You MUST invoke this skill for business decisions, product strategy, competitive analysis, roadmap prioritization, or any decision about WHAT to build rather than HOW to build it. Do NOT skip SWOT analysis. Do NOT present strategy without measurable OKRs. Invoke when the problem is about direction, positioning, or priorities rather than implementation.
9SKILL.mdUpdated Apr 23, 2026
xD4O/security-reasoning
development
VerifiedTrustedCommunity
MANDATORY threat analysis. You MUST invoke this skill before writing or approving ANY code involving authentication, authorization, cryptography, input handling, payment processing, PII, secrets management, API endpoints, or trust boundaries. Do NOT write security-sensitive code without running STRIDE analysis first. Do NOT say you will add security later. Auth is a design decision, not a feature to bolt on.
9SKILL.mdUpdated Apr 23, 2026
xD4O/problem-classification
development
VerifiedTrustedCommunity
MANDATORY first step. You MUST invoke this skill before brainstorming, designing, or planning any non-trivial work. Do NOT start asking clarifying questions on your own — this skill's gates ARE the clarifying questions. Invoke when the user asks to build, design, plan, create, architect, or implement anything substantial. Do NOT skip this because the task seems straightforward. Straightforward-seeming tasks with wrong framing produce the most expensive failures.
9SKILL.mdUpdated Apr 23, 2026