Security patterns and OWASP guidelines. Triggers on: security review, OWASP, XSS, SQL injection, CSRF, authentication, authorization, secrets management, input validation, secure coding.
Install with Tessl CLI
npx tessl i github:NeverSight/skills_feed --skill security-patterns
90
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description excels at trigger term coverage and distinctiveness, providing comprehensive security-specific keywords that make skill selection clear. The main weakness is the vague 'what' portion - 'Security patterns and OWASP guidelines' doesn't specify concrete actions Claude will perform (e.g., reviewing code, suggesting fixes, implementing secure patterns).
Suggestions
Replace 'Security patterns and OWASP guidelines' with specific actions like 'Reviews code for security vulnerabilities, implements secure coding patterns, and applies OWASP guidelines'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security) and references 'patterns' and 'guidelines' but doesn't list concrete actions like 'review code for vulnerabilities', 'implement input sanitization', or 'audit authentication flows'. | 2 / 3 |
| Completeness | Explicitly answers both what ('Security patterns and OWASP guidelines') and when ('Triggers on:' followed by comprehensive list of trigger terms), providing clear guidance for skill selection. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural security terms users would say: 'security review', 'OWASP', 'XSS', 'SQL injection', 'CSRF', 'authentication', 'authorization', 'secrets management', 'input validation', 'secure coding' - these are all terms developers naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with security-specific terminology (OWASP, XSS, SQL injection, CSRF) that clearly carves out a security niche unlikely to conflict with general coding or documentation skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
87%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a high-quality security skill that excels at conciseness and actionability. It provides concrete, executable examples with clear WRONG/CORRECT patterns and useful quick-reference tables. The main weakness is the lack of an explicit security review workflow with validation checkpoints, which would help Claude systematically apply these patterns during code review.
Suggestions
Add a 'Security Review Workflow' section with explicit steps: 1) Run quick audit scripts, 2) Review findings, 3) Check each OWASP category, 4) Validate fixes, 5) Re-run audit to confirm resolution
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely lean and efficient. No unnecessary explanations of what security vulnerabilities are - jumps straight to prevention patterns and executable code. Every section delivers actionable content without padding. | 3 / 3 |
| Actionability | Provides fully executable code examples in Python, JavaScript, and bash. Shows clear WRONG vs CORRECT patterns, includes copy-paste ready security audit commands, and provides concrete checklists. | 3 / 3 |
| Workflow Clarity | While individual security patterns are clear, there's no explicit workflow for conducting a security review. The quick audit section provides commands but lacks a sequenced process with validation checkpoints for systematic security assessment. | 2 / 3 |
| Progressive Disclosure | Excellent structure with concise overview content and clear one-level-deep references to detailed materials (owasp-detailed.md, auth-patterns.md, etc.). Scripts are appropriately separated and clearly signaled. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.