Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.
54
44%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agent/skills/backend-security-coder/SKILL.md
Quality
Discovery
67%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has good structure with explicit 'Use when' guidance and covers the security domain adequately. However, it relies on category names rather than specific concrete actions, and the trigger terms could be expanded to include more natural variations users might use when seeking security help.
Suggestions
Replace category names with specific actions like 'Validates input against schemas, implements JWT/OAuth authentication, sanitizes SQL queries, prevents XSS attacks'
Add more natural trigger terms users would say: 'auth', 'sanitize', 'SQL injection', 'XSS', 'OWASP', 'secure endpoints', 'token validation'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (backend security) and lists some areas (input validation, authentication, API security), but these are categories rather than concrete actions like 'validates user input against schemas' or 'implements JWT authentication'. | 2 / 3 |
| Completeness | Clearly answers both what (secure backend coding practices in input validation, authentication, API security) and when (backend security implementations or security code reviews) with explicit 'Use PROACTIVELY' trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes relevant terms like 'backend security', 'input validation', 'authentication', 'API security', and 'security code reviews', but misses common variations users might say like 'auth', 'sanitization', 'SQL injection', 'XSS', 'OWASP', or 'secure coding'. | 2 / 3 |
| Distinctiveness Conflict Risk | The focus on 'backend security' provides some distinction, but 'authentication' and 'API security' could overlap with general API skills or auth-specific skills. The term 'security code reviews' could also conflict with general code review skills. | 2 / 3 |
| Total | 9 / 12 Passed | |
Implementation
22%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill functions primarily as an index to sub-skills rather than providing actionable security guidance itself. It lacks any concrete code examples, specific commands, or executable patterns that would help Claude implement secure backend code. The structure for progressive disclosure exists but the main skill offers too little standalone value.
Suggestions
Add 2-3 concrete, executable code examples demonstrating core security patterns (e.g., input validation, parameterized queries, secure password hashing) directly in the main skill
Replace the vague 'Instructions' section with a specific workflow for security code reviews or implementations, including validation checkpoints
Remove generic boilerplate sections ('Use this skill when' with obvious statements) and replace with a quick-reference checklist of security patterns
Include at least one complete, copy-paste-ready security implementation example before directing to sub-skills
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill contains some unnecessary boilerplate (generic 'Use this skill when' sections) and redundant purpose statements, but the core content is reasonably organized. The 'When to Use vs Security Auditor' section adds value but could be more concise. | 2 / 3 |
| Actionability | The skill provides no concrete code examples, commands, or executable guidance. It's entirely abstract, listing capabilities and linking to sub-skills without demonstrating any actual secure coding patterns or implementations. | 1 / 3 |
| Workflow Clarity | No clear workflow or sequence is provided. The instructions section offers only vague guidance ('Clarify goals, constraints, and required inputs') without specific steps, validation checkpoints, or feedback loops for security implementations. | 1 / 3 |
| Progressive Disclosure | The skill does reference 10 sub-skills with clear links, which is good structure. However, the main skill provides almost no actionable content itself—it's essentially just a table of contents with no quick-start examples or immediate value before diving into sub-skills. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata.version' is missing | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
332e58b