CtrlK
BlogDocsLog inGet started
Tessl Logo

spring-security-configuration

Creates a Spring Security configuration class with authentication, authorization, and HTTP protection setup. Use this skill when a security configuration needs to be created, either standalone or as part of a larger task (e.g. adding authentication to a REST API, configuring OAuth2/OIDC login, setting up JWT resource server).

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is a well-sequenced, actionable workflow with strong validation checkpoints, but it repeats its questioning/context-first guidance across several sections and, more seriously, points the core code-generation steps at an examples/ tree and _dependencies/_properties directories that are missing from the bundle.

Suggestions

Add the missing examples/_skeletons, examples/_fragments, examples/_beans, _dependencies, and _properties files referenced in Steps 4–5, or rewrite those steps so they do not depend on absent files — the current references are dead ends.

Consolidate the AskUserQuestion and 'read context first' rules into one section; they are currently restated in Defaults, Decision-making principle, How-to-ask, and Step 0.

Verify every path mentioned in the body (e.g. _properties/{variant}/properties.md, _dependencies/base.md) exists in the bundle before relying on it as a progressive-disclosure hop.

DimensionReasoningScore

Conciseness

Mostly efficient operational guidance (defaults table, decision hierarchy, anti-hallucination checklist) with little concept-explanation padding, but the AskUserQuestion rules and the 'read context first / don't re-ask' message are restated across the Defaults, Decision-making principle, How-to-ask, and Step 0 sections, which could be tightened.

2 / 3

Actionability

Provides concrete, executable guidance — named MCP tools with explicit extraction targets, specific file paths to read, exact variable-substitution and DSL-ordering rules, and a pre-write verification checklist. As an instruction-only skill, the absence of inline code is not penalized because the guidance itself is highly actionable.

3 / 3

Workflow Clarity

Steps 0–5 are clearly sequenced with explicit validation checkpoints — the existingConfigs warning/confirm gate, refresh_build_system_model after dependency edits, a post-generation report, and the anti-hallucination checklist acting as a pre-write feedback loop — matching the anchor for clear sequence with explicit validation.

3 / 3

Progressive Disclosure

Structure is conceptually good and the references/ files exist and are one-level-deep, but the core generation content is delegated to examples/_skeletons, examples/_fragments, examples/_beans, _dependencies, and _properties paths that are absent from the bundle, so the main execution references are broken dead ends.

2 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: third-person voice, concrete multi-action capability statement, and an explicit 'Use when' clause with realistic trigger examples. It clearly answers both what the skill does and when to invoke it.

DimensionReasoningScore

Specificity

Names multiple concrete actions — 'authentication, authorization, and HTTP protection setup' plus examples like 'adding authentication to a REST API, configuring OAuth2/OIDC login, setting up JWT resource server' — matching the anchor for listing several specific concrete actions.

3 / 3

Completeness

Explicitly answers both what ('Creates a Spring Security configuration class with authentication, authorization, and HTTP protection setup') and when ('Use this skill when a security configuration needs to be created... e.g. adding authentication to a REST API, configuring OAuth2/OIDC login, setting up JWT resource server'), with an explicit 'Use when' clause.

3 / 3

Trigger Term Quality

Covers natural terms a developer would actually say — 'Spring Security configuration', 'authentication', 'authorization', 'OAuth2/OIDC login', 'JWT resource server', 'REST API' — giving good coverage of plausible trigger phrases.

3 / 3

Distinctiveness Conflict Risk

Occupies a clear niche (Spring Security configuration generation) with distinct, specific triggers unlikely to overlap with unrelated skills. It is a 2 not because of weakness but because 3 is the top of the scale and the niche is unambiguous; a 2 would require generic overlap, which is absent.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
Amplicode/spring-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.