A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
Does it follow best practices?
Evaluation — 84%
↑ 1.78x agent success when using this tile
Validation for skill structure
{
  "context": "Tests whether agent uses Argon2id (not bcrypt/PBKDF2) for password hashing and avoids hardcoded credentials, as specified by the software-security skill.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses Argon2id",
      "description": "Password hashing uses Argon2id specifically (not bcrypt, not PBKDF2, not scrypt, not plain argon2i or argon2d)",
      "max_score": 35
    },
    {
      "name": "No hardcoded secrets",
      "description": "Database connection string or credentials are loaded from environment variables or config, not hardcoded in source code",
      "max_score": 25
    },
    {
      "name": "Parameterized SQL",
      "description": "Any database queries use parameterized queries or an ORM, not string concatenation/interpolation",
      "max_score": 20
    },
    {
      "name": "Unique salt per user",
      "description": "Each password hash uses a unique random salt (either explicitly generated or via library default that auto-salts)",
      "max_score": 20
    }
  ]
}
Install with Tessl CLI
npx tessl i cisco/software-security