Analyzes code to identify security-critical time intervals and timing vulnerabilities in authentication, authorization, and time-sensitive security operations. Use this skill when reviewing code for proper timeout enforcement, token expiration, session management, rate limiting, password reset validity, or any time-sensitive security mechanism. Detects missing expiration checks, excessive timeout values, lack of rate limiting, client-side only validation, hardcoded timeouts, and timing attack vulnerabilities. Triggers when users ask to check security timeouts, verify token expiration handling, audit session timeout implementation, review rate limiting, or analyze time-based security controls.
95
92%
Does it follow best practices?
Impact
99%
1.17x
Average score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that thoroughly covers what the skill does, when to use it, and includes comprehensive trigger terms. It uses proper third-person voice throughout, lists specific capabilities and detection targets, and provides explicit 'Use this skill when...' and 'Triggers when...' clauses that make selection criteria unambiguous.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'identify security-critical time intervals', 'timeout enforcement', 'token expiration', 'session management', 'rate limiting', 'password reset validity'. Also specifies what it detects: 'missing expiration checks', 'excessive timeout values', 'timing attack vulnerabilities', etc. | 3 / 3 |
| Completeness | Clearly answers both what ('Analyzes code to identify security-critical time intervals and timing vulnerabilities...') AND when ('Use this skill when reviewing code for...' and 'Triggers when users ask to...'). Has explicit trigger guidance with multiple specific scenarios. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'security timeouts', 'token expiration', 'session timeout', 'rate limiting', 'time-based security controls', 'password reset validity'. These are terms developers naturally use when discussing security timing concerns. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focused specifically on time-based security vulnerabilities. The combination of 'timing', 'security', 'expiration', 'timeout' creates a distinct trigger profile unlikely to conflict with general code review or non-security timing skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong skill with excellent actionability and workflow clarity. It provides concrete, executable code examples and a well-structured multi-step process with validation checkpoints. Minor improvements could be made by reducing redundancy between the vulnerability checklist and quick reference sections.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is mostly efficient but includes some redundancy - the vulnerability patterns are listed in section 2 and then repeated in the Quick Reference section. The code examples are useful but some explanatory comments like '# Too long!' and '# Magic number' are slightly verbose. | 2 / 3 |
| Actionability | Provides fully executable code examples across Python, JavaScript, and Java. Includes copy-paste ready bash commands for the automated checker, concrete before/after code fixes, and specific detection patterns. All guidance is concrete and actionable. | 3 / 3 |
| Workflow Clarity | Clear 7-step workflow with explicit validation checkpoints. Step 3 uses automated checking, step 4 provides manual verification criteria, and step 6 documents findings with a structured template. The workflow includes both automated and manual validation paths. | 3 / 3 |
| Progressive Disclosure | Well-structured with clear overview and one-level-deep references to external files (vulnerability_patterns.md, time_intervals.md). Content is appropriately split between quick reference inline and detailed patterns in referenced files. Navigation is clear with section headers. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
0f00a4f