Analyzes code to identify security-critical time intervals and timing vulnerabilities in authentication, authorization, and time-sensitive security operations. Use this skill when reviewing code for proper timeout enforcement, token expiration, session management, rate limiting, password reset validity, or any time-sensitive security mechanism. Detects missing expiration checks, excessive timeout values, lack of rate limiting, client-side only validation, hardcoded timeouts, and timing attack vulnerabilities. Triggers when users ask to check security timeouts, verify token expiration handling, audit session timeout implementation, review rate limiting, or analyze time-based security controls.
95
92%
Does it follow best practices?
Impact
99%
1.17x
Average score across 3 eval scenarios
Passed
No known issues
Automated script usage and structured findings documentation
Script invocation: 0% / 100%
Issue field present: 87% / 100%
Location field present: 75% / 100%
Severity field present: 100% / 100%
Current state field present: 75% / 75%
Recommendation field present: 87% / 100%
Code fix included: 100% / 100%
verify_exp=False flagged: 100% / 100%
Reset token expiry flagged: 0% / 100%
Missing reset expiry check flagged: 100% / 100%
Summary section present: 100% / 100%
Recommended interval values, UTC timestamps, named constants, constant-time comparison
Access token expiry corrected: 0% / 100%
Refresh token expiry corrected: 100% / 100%
UTC used for access token: 100% / 100%
UTC used for refresh token: 100% / 100%
UTC used for OTP token: 100% / 100%
OTP expiry corrected: 100% / 100%
Reset token expiry corrected: 100% / 100%
Named constant for at least one timeout: 0% / 100%
Constant-time API key comparison: 100% / 100%
CHANGES.md present: 100% / 100%
No magic number timeouts added: 100% / 100%
Rate limiting, inconsistent timeout enforcement, expired data cleanup
Inconsistent timeouts identified: 100% / 100%
Consistent timeout recommended: 100% / 100%
Admin missing expiry check flagged: 100% / 100%
Admin expiry check fix provided: 100% / 100%
Checkout login missing rate limit flagged: 100% / 100%
Rate limit value specified: 100% / 100%
Expired session cleanup flagged: 100% / 100%
Cleanup fix provided: 100% / 100%
Structured findings format: 100% / 100%
UTC recommendation: 100% / 100%
0f00a4f