
django-security

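Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configuration.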

84

1.17x
Quality

Does it follow best practices?

Impact

95%

1.17x

Average score across 6 eval scenarios

Security by Snyk

Passed

No known issues


Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill is highly actionable with comprehensive executable Django security code, but it is a large monolithic reference with redundant sections and no progressive disclosure into separate files, limiting conciseness and progressive_disclosure.

Suggestions

Deduplicate repeated configuration (security headers, CSP, and the REST_FRAMEWORK dict each defined twice) and consolidate into a single authoritative section to improve conciseness.

Split the long reference into bundle files (e.g., references/auth.md, references/deployment.md) with clearly signaled links from SKILL.md to improve progressive disclosure.

Add an explicit apply-and-verify workflow with validation checkpoints (e.g., run security checks / deploy checklist) to lift workflow_clarity.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The body is mostly lean config code with brief annotations rather than concept-explaining fluff, but it is ~590 lines with notable redundancy (security headers/CSP and the REST_FRAMEWORK dict each appear in multiple sections), so it could be tightened; not a score 3 'every token earns its place'. | 2 / 3 |
| Actionability | It provides extensive, copy-paste-ready executable code for settings, models, permissions, middleware, and validators, with concrete GOOD/BAD contrasts, matching the 'fully executable, specific examples' anchor. | 3 / 3 |
| Workflow Clarity | A '何时启用' ("When to enable") section and a final '快速安全检查清单' ("Quick security checklist") provide some sequencing, but there is no explicit multi-step apply→verify→deploy workflow with validation checkpoints, so it sits at 'steps listed but checkpoints implicit'. | 2 / 3 |
| Progressive Disclosure | Sections are well-organized with clear headers, but the entire ~590-line reference is inline in SKILL.md with no bundle files or one-level-deep external references, so content that should be split remains inline; well-organized sections alone do not reach 3 for a file this large. | 2 / 3 |
| Total | | 9 / 12 |

Passed

Description

72%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and uses strong natural trigger terms within a clear Django-security niche, but it lacks an explicit 'Use when' trigger clause, which caps completeness at 2.

Suggestions

Add an explicit 'Use when...' clause (e.g., 'Use when setting up Django authentication, hardening production settings, or auditing a Django app for security issues') to raise completeness.

Reframe the topic list with action verbs (e.g., 'Configures authentication and authorization, prevents CSRF, SQL injection, and XSS, and hardens production deployments') to strengthen specificity.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The phrase "authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configuration" enumerates several concrete security domains, but it reads as a noun-phrase topic list rather than explicit action verbs, so it matches the 'names domain and some actions' anchor rather than the multiple-verb 'score 3' example. | 2 / 3 |
| Completeness | The description answers 'what' (the listed security areas) but has no 'Use when...' clause or equivalent explicit trigger guidance, so per the guidelines completeness is capped at 2. | 2 / 3 |
| Trigger Term Quality | Terms like "Django", "CSRF", "SQL 注入" (SQL injection), "XSS", "认证" (authentication), and "授权" (authorization) are exactly the natural keywords a user would say when requesting Django security help, giving good coverage of common phrasings. | 3 / 3 |
| Distinctiveness Conflict Risk | Scoping to 'Django 安全' (Django security) carves out a clear, narrow niche with distinct triggers unlikely to conflict with non-Django or non-security skills. | 3 / 3 |
| Total | | 10 / 12 |

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (594 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 14 / 16 |

Passed

Repository
affaan-m/everything-claude-code
Reviewed
