
spring-security-configuration

Creates a Spring Security configuration class with authentication, authorization, and HTTP protection setup. Use this skill when a security configuration needs to be created, either standalone or as part of a larger task (e.g. adding authentication to a REST API, configuring OAuth2/OIDC login, setting up JWT resource server).

88

Quality: 85% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Risky (Do not use without reviewing)


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description that clearly communicates what the skill does and when to use it. It uses third person voice, includes specific concrete actions, provides explicit trigger scenarios with natural keywords, and occupies a distinct niche. The parenthetical examples in the 'Use when' clause are particularly effective at covering multiple trigger scenarios.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'authentication, authorization, and HTTP protection setup' and further elaborates with examples like 'adding authentication to a REST API, configuring OAuth2/OIDC login, setting up JWT resource server'. | 3 / 3 |
| Completeness | Clearly answers both 'what' (creates a Spring Security configuration class with authentication, authorization, and HTTP protection) and 'when' (explicit 'Use this skill when...' clause with specific trigger scenarios like adding auth to REST API, configuring OAuth2/OIDC, setting up JWT). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'Spring Security', 'authentication', 'authorization', 'REST API', 'OAuth2', 'OIDC', 'JWT', 'resource server', 'security configuration'. These cover common variations of how users would describe this need. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Spring Security configuration specifically. The combination of 'Spring Security', 'OAuth2/OIDC', and 'JWT resource server' makes it very unlikely to conflict with other skills. | 3 / 3 |
| Total | Passed | 12 / 12 |

Implementation

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill excels in actionability, workflow clarity, and progressive disclosure — it provides a thorough, well-sequenced process with concrete tool calls, file paths, and validation steps, all properly delegating details to reference files. Its major weakness is extreme verbosity: conversational behavior instructions (smart defaults, answer recognition, batching rules, Step 0's 'read the conversation' directive) are over-explained and repeated multiple times, consuming significant token budget on things Claude inherently understands or that could be stated once in 2-3 lines.

Suggestions

Consolidate the 'Smart defaults', 'Smart answer recognition', 'Batch questions', 'Decision-making principle', and 'Step 0' sections into a single concise 'Interaction Rules' section of ~10-15 lines — most of this is restating 'derive answers from context before asking' in different ways.

Remove explanations of Claude's inherent capabilities (e.g., 'Re-read the user's prompt and prior turns', 'accept it directly', 'NEVER ask a question that the user already answered') — these describe default conversational behavior and waste tokens.

The 'How to ask — prefer AskUserQuestion' subsection repeats rules already stated in the 'Batch questions' and 'Rules' sections above it — merge into one authoritative list.

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~300+ lines with extensive repetition. The 'Decision-making principle' section restates the same logic multiple times (context first, AskUserQuestion preference, batch rules). The 'Smart answer recognition' and 'Smart defaults' sections explain conversational behavior Claude already understands. Step 0 is an entire section dedicated to telling Claude to read the conversation — something it inherently does. | 1 / 3 |
| Actionability | The skill provides highly concrete, actionable guidance: specific MCP tool calls with exact parameter names, explicit file paths for fragments/skeletons/references, precise variable substitution rules, exact DSL ordering instructions, and a detailed anti-hallucination checklist with specific conditions to verify. Every step has clear executable actions. | 3 / 3 |
| Workflow Clarity | The workflow is clearly sequenced (Steps 0-5) with explicit validation checkpoints: checking existing configs before proceeding, verifying Boot version compatibility for Authorization Server, the anti-hallucination checklist before writing code, and dependency verification against presentDeps. Error recovery is addressed (e.g., if bootMajor < 3.1 for auth server, warn and ask for alternative). | 3 / 3 |
| Progressive Disclosure | The skill is well-structured as an overview that delegates variant-specific details to reference files (references/jwt.md, references/oidc.md, etc.), code to example skeletons and fragments, and dependencies/properties to their own files. References are one level deep and clearly signaled with exact paths. Without bundle files to verify, the structure described is exemplary. | 3 / 3 |
| Total | Passed | 10 / 12 |

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
Amplicode/spring-skills
Reviewed
