django-security

Django 安全最佳实践、认证、授权、CSRF 防护、SQL 注入预防、XSS 预防和安全部署配置。

1.17x

Quality

62%

Does it follow best practices?

Impact

95%

1.17x

Average score across 6 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./docs/zh-CN/skills/django-security/SKILL.md

Evaluation results

100%

Securing a Django E-commerce Platform for Launch

Production security configuration

Criteria

Without context

With context

DEBUG disabled

100%

SSL redirect

100%

HSTS duration

100%

HSTS subdomains and preload

100%

Secure cookies

100%

HttpOnly cookies

100%

SameSite cookies

57%

100%

X-Frame-Options

100%

Content type nosniff

100%

SECRET_KEY from env

100%

Missing key raises error

100%

Password validator count

100%

Minimum password length

100%

Argon2 hasher first

100%

92%

Building a Community Forum with User Profiles and Search

SQL injection and XSS prevention

Criteria

Without context

With context

ORM for user queries

100%

No raw SQL interpolation

100%

Q objects for search

100%

No bare mark_safe

100%

escape before mark_safe

88%

100%

format_html usage

55%

100%

escapejs in JS context

77%

100%

No |safe on user input

100%

CSRF token in forms

100%

X-CSRFToken in AJAX

100%

raise_exception on views

83%

14%

Building a REST API for a Creative Portfolio Platform

API authentication, rate limiting, and file upload security

Criteria

Without context

With context

AnonRateThrottle included

100%

UserRateThrottle included

100%

Anon rate 100/day

100%

User rate 1000/day

100%

IsAuthenticated default

JWT authentication

100%

Token authentication

100%

File extension validation

100%

File size limit 5MB

Validators on FileField

100%

Custom object permission

100%

SAFE_METHODS read access

100%

32%

Community Platform User System

Custom user model and role-based authorization

Criteria

Without context

With context

Extends AbstractUser

100%

Email as USERNAME_FIELD

100%

Email field unique

100%

REQUIRED_FIELDS has username

100%

AUTH_USER_MODEL set

100%

Role choices defined

100%

is_admin method

62%

100%

is_moderator method

57%

100%

AdminRequiredMixin raises PermissionDenied

100%

Model Meta permissions

100%

user_can_edit method

37%

100%

PermissionRequiredMixin with raise_exception

100%

LoginRequiredMixin included

100%

12%

Browser Security Hardening for a Django Web App

Security header middleware and Content Security Policy

Criteria

Without context

With context

X-Content-Type-Options header

100%

X-Frame-Options DENY

100%

X-XSS-Protection header

100%

CSP header attached

100%

Middleware uses get_response pattern

100%

CSP_DEFAULT_SRC setting

100%

CSP_SCRIPT_SRC with CDN

100%

CSP_STYLE_SRC with unsafe-inline

100%

CSP_IMG_SRC setting

100%

CSP_CONNECT_SRC with API domain

100%

CSP assembled from settings

100%

SECURE_CONTENT_TYPE_NOSNIFF

100%

SECURE_BROWSER_XSS_FILTER

100%

20%

Production Configuration and Security Monitoring Setup

Security logging and environment variable management

Criteria

Without context

With context

django-environ or decouple used

100%

environ.Env instantiated

57%

100%

Env.read_env() called

57%

100%

SECRET_KEY from env

87%

100%

DATABASE_URL from env

71%

100%

ALLOWED_HOSTS from env list

100%

LOGGING dict configured

100%

File handler for security log

100%

django.security logger

100%

django.request logger

100%

SESSION_ENGINE configured

100%

SESSION_COOKIE_AGE set to 1 week

100%

.env.example present

57%

100%

Repository: affaan-m/everything-claude-code
Commit: 5df943e

Evaluated: 28 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Securing a Django E-commerce Platform for Launch Building a Community Forum with User Profiles and Search Building a REST API for a Creative Portfolio Platform Community Platform User System Browser Security Hardening for a Django Web App Production Configuration and Security Monitoring Setup

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.