CtrlK
BlogDocsLog inGet started
Tessl Logo

springboot-security

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

71

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

92%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A dense, actionable security reference with executable examples and a release checklist. Its main weakness is the absence of progressive disclosure — all content is inline in a single long file with no detail references.

Suggestions

Split the larger code examples (e.g., RateLimitFilter, CORS, security headers) into a references/ file linked from the main sections, keeping SKILL.md as a concise overview.

Consider moving the full per-section Java snippets behind one-level-deep reference links so the main file stays a quick-scan overview.

DimensionReasoningScore

Conciseness

Lean reference style with concise bullets and complete code; no padding explaining what Spring/Java/PDFs are, and every code block demonstrates a concrete pattern that earns its place.

3 / 3

Actionability

Provides fully executable Java/YAML snippets with real annotations and config (e.g., JwtAuthFilter, @PreAuthorize, BCryptPasswordEncoder, Bucket4j filter) that are copy-paste ready.

3 / 3

Workflow Clarity

Clear topical sections plus an explicit "Checklist Before Release" serving as a verification gate; well-organized single-purpose reference content with a concrete validation checkpoint.

3 / 3

Progressive Disclosure

Well-organized with headers, but everything sits inline in one ~270-line file with no reference files or "see X for details" navigation; the under-50-line exemption does not apply, so it stops short of true progressive disclosure.

2 / 3

Total

11

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, well-scoped description that names concrete security domains and natural trigger terms. Its only gap is the absence of an explicit "Use when..." clause in the description field itself, which caps completeness.

Suggestions

Add a "Use when..." clause to the description (e.g., "Use when adding authentication, validating input, or hardening Spring Boot services") so the trigger guidance lives in the frontmatter rather than only the body.

Consider expanding "authn/authz" to "authentication/authorization" for more natural user-facing trigger terms.

DimensionReasoningScore

Specificity

Lists multiple concrete security domains — "authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security" — naming specific capabilities rather than vague language.

3 / 3

Completeness

The what is clear (best practices across listed domains) but the description itself has no "Use when..." trigger clause — that guidance lives in the body, so completeness is capped at 2 per the rubric guideline.

2 / 3

Trigger Term Quality

Natural terms a user would say are well covered: "Spring Security", "Java Spring Boot", "CSRF", "rate limiting", "secrets"; "authn/authz" is slightly jargon-heavy but the rest are user-facing.

3 / 3

Distinctiveness Conflict Risk

Scoped tightly to Spring Security in Java Spring Boot services with domain-specific triggers, making it unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
affaan-m/ECC
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.