security-patterns

Security patterns and OWASP guidelines. Triggers on: security review, OWASP, XSS, SQL injection, CSRF, authentication, authorization, secrets management, input validation, secure coding.

Install with Tessl CLI

npx tessl i github:NeverSight/skills_feed --skill security-patterns

What are skills?

Review — 88%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Validation — 11 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

97%

User Profile Management API

SQL injection prevention and resource authorization

Criteria

Without context

With context

Parameterized queries

100%

No f-string SQL

50%

62%

Input type validation

100%

Input length validation

100%

Input format validation

100%

Resource ownership check

100%

Deny by default

100%

No trusted raw headers/params

100%

Allowlist validation

100%

Admin bypass check

100%

Security scan documented

100%

Without context: $0.2351 · 1m 2s · 13 turns · 15 in / 3,923 out tokens

With context: $0.3795 · 1m 24s · 19 turns · 24 in / 4,781 out tokens

94%

Authentication System for a Web Application

Secure authentication implementation

Criteria

Without context

With context

Bcrypt/argon2/scrypt used

100%

Cost factor 12+

100%

90%

Rate limiting on login

100%

Account lockout

50%

100%

HttpOnly cookie flag

100%

Secure cookie flag

100%

SameSite cookie flag

100%

No hardcoded secrets

70%

50%

Secrets from env vars

100%

Secrets not logged

75%

100%

Session token quality

100%

Without context: $0.2603 · 1m 23s · 15 turns · 20 in / 4,871 out tokens

With context: $0.5528 · 2m 2s · 26 turns · 30 in / 7,862 out tokens

95%

Community Discussion Board Web Application

Security headers and XSS output encoding

Criteria

Without context

With context

No innerHTML with user data

100%

Safe DOM insertion

80%

URL parameter encoding

100%

62%

Content-Security-Policy header

100%

X-Content-Type-Options header

100%

X-Frame-Options header

100%

HSTS header

100%

Referrer-Policy header

100%

Permissions-Policy header

100%

HTML entity encoding

100%

Headers applied globally

100%

Without context: $0.3418 · 1m 18s · 23 turns · 27 in / 4,655 out tokens

With context: $0.5610 · 1m 58s · 31 turns · 597 in / 6,802 out tokens

Evaluated: about 13 hours ago
Agent: Claude Code

Table of Contents

User Profile Management API Authentication System for a Web Application Community Discussion Board Web Application

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.