fullstack-guardian

Builds security-focused full-stack web applications by implementing integrated frontend and backend components with layered security at every level. Covers the complete stack from database to UI, enforcing auth, input validation, output encoding, and parameterized queries across all layers. Use when implementing features across frontend and backend, building REST APIs with corresponding UI, connecting frontend components to backend endpoints, creating end-to-end data flows from database to UI, or implementing CRUD operations with UI forms. Distinct from frontend-only, backend-only, or API-only skills in that it simultaneously addresses all three perspectives—Frontend, Backend, and Security—within a single implementation workflow. Invoke for full-stack feature work, web app development, authenticated API routes with views, microservices, real-time features, monorepo architecture, or technology selection decisions.

71

Quality: 86% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Passed (No known issues)

Quality

Content

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured full-stack security skill with strong progressive disclosure via the reference table and good actionability through concrete code examples spanning all three perspectives. The main weaknesses are minor verbosity in constraints (some items Claude inherently knows) and a workflow that lacks post-implementation validation/verification steps, which is important given the security-critical nature of the work.

Suggestions

Add a post-implementation validation step to the core workflow (e.g., 'Re-run security checklist after implementation; verify parameterized queries and output encoding in all new endpoints').

Trim the MUST DO/MUST NOT DO lists to remove items Claude already knows (e.g., 'don't hardcode credentials') and focus on project-specific constraints.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Generally efficient but includes some unnecessary framing (e.g., 'Security-focused full-stack developer implementing features across the entire application stack' is a role description Claude doesn't need). The constraints section has some items Claude already knows (like 'don't hardcode credentials'). The three-perspective example is well-targeted though. | 2 / 3 |
| Actionability | Provides fully executable code examples across both backend (Python/FastAPI) and frontend (TypeScript), with concrete security annotations explaining why each decision matters. The workflow steps are specific and the constraints are clear and actionable. | 3 / 3 |
| Workflow Clarity | The core workflow has a clear sequence (gather → design → write → security checkpoint → implement → hand off), and the security checkpoint before coding is a good validation step. However, there are no explicit validation/verification steps after implementation (e.g., run tests, verify security checklist again post-implementation), and the feedback loop for error recovery is missing. | 2 / 3 |
| Progressive Disclosure | Excellent use of a reference table with clear 'Load When' guidance for each topic. References are one level deep, well-signaled, and organized by context. The main SKILL.md stays concise as an overview while pointing to detailed materials for specific scenarios. | 3 / 3 |
| Total | | 10 / 12 |

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong, well-crafted description that clearly articulates specific capabilities, provides explicit trigger guidance with two separate invocation clauses, and proactively distinguishes itself from related skills. It uses proper third-person voice throughout and includes a rich set of natural trigger terms. The only minor concern is that it's somewhat verbose, but the length is justified by the breadth of the skill's scope.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: implementing integrated frontend and backend components, auth, input validation, output encoding, parameterized queries, building REST APIs with UI, connecting frontend to backend endpoints, creating end-to-end data flows, implementing CRUD operations with UI forms. | 3 / 3 |
| Completeness | Clearly answers both 'what' (builds security-focused full-stack web apps with layered security, auth, validation, etc.) and 'when' with explicit trigger guidance ('Use when implementing features across frontend and backend, building REST APIs with corresponding UI...' and 'Invoke for full-stack feature work, web app development...'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'full-stack', 'REST APIs', 'CRUD operations', 'UI forms', 'web app development', 'authenticated API routes', 'microservices', 'real-time features', 'monorepo architecture', 'frontend', 'backend'. Good coverage of terms a developer would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Explicitly distinguishes itself from frontend-only, backend-only, or API-only skills, and clearly defines its niche as the intersection of all three perspectives with security. The description actively addresses potential overlap and carves out a distinct identity. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: Jeffallan/claude-skills (Reviewed)
