CtrlK
BlogDocsLog inGet started
Tessl Logo

django-security

Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.

60

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with extensive executable Django security code, but it is a monolithic document that underuses progressive disclosure and lacks sequenced workflows with validation checkpoints for risky hardening/deployment steps. Tightening the redundant basic explanations and splitting detailed references would improve it.

Suggestions

Introduce a sequenced hardening workflow with explicit validation checkpoints (e.g., run `python manage.py check --deploy`, fix findings, re-check, only then deploy) to support the destructive/risky production config operations.

Move large reference blocks (production settings, RBAC models, API throttle config) into separate reference files linked one level deep, keeping SKILL.md a lean overview.

Trim restatements of Django defaults Claude already knows (PBKDF2 defaulting, ORM auto-escaping, CSRF enabled by default) to reduce token overhead.

DimensionReasoningScore

Conciseness

Content is mostly executable code without padding, but several sections restate Django basics Claude already knows (e.g., 'Django uses PBKDF2 by default', 'Django ORM automatically escapes parameters', 'CSRF is enabled by default') and inline comments repeat obvious facts, so it is efficient but could be tightened.

2 / 3

Actionability

Nearly every section provides complete, copy-paste-ready Python/Django settings and code with concrete class names, settings keys, and working examples, satisfying the fully-executable anchor.

3 / 3

Workflow Clarity

Sections are topic-organized rather than sequenced, and there are no validation checkpoints or feedback loops; while the 'When to Activate' list and checklist give some structure, multi-step hardening lacks an ordered validate-fix-retry sequence.

2 / 3

Progressive Disclosure

The file is a single monolithic SKILL.md with no bundle files (references/scripts/assets absent) and everything inline; sections are well-organized with a summary checklist, but content that could be split (e.g., full settings, RBAC, API security) is not separated into one-level-deep references.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and rich in natural trigger terms with a clear, distinctive Django-security niche, but it omits any explicit 'Use when...' guidance. Adding a trigger clause would lift completeness to the top level.

Suggestions

Append an explicit activation clause such as 'Use when securing a Django app, configuring authentication/permissions, or hardening a Django deployment for production.'

Pair the capability list with concrete trigger phrases a user might say (e.g., 'Django security review', 'CSRF in Django') to make activation unambiguous.

DimensionReasoningScore

Specificity

The description names multiple concrete security actions: 'authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations', which mirrors the top anchor listing several specific actions.

3 / 3

Completeness

It clearly answers 'what' (security best practices across several domains) but offers no 'Use when...' clause, so the 'when to activate' trigger guidance is only implied; per the guidelines a missing explicit trigger caps completeness at 2.

2 / 3

Trigger Term Quality

It surfaces the natural terms a user would say — 'Django', 'authentication', 'CSRF', 'SQL injection', 'XSS', 'deployment' — with strong coverage of common variations rather than obscure jargon.

3 / 3

Distinctiveness Conflict Risk

The Django-specific security niche with named vulnerability categories is clearly distinguishable and unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

skill_md_line_count

SKILL.md is long (594 lines); consider splitting into references/ and linking

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
affaan-m/ECC
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.