
django-security

Django security best practices: authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configuration.

Install with Tessl CLI

npx tessl i github:affaan-m/everything-claude-code --skill django-security

62

Does it follow best practices?

Validation for skill structure


Discovery

42%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description effectively lists specific Django security capabilities with concrete technical terms, demonstrating good specificity. However, it completely lacks explicit trigger guidance ('Use when...') which is critical for Claude to know when to select this skill from a large skill library. The Chinese language may also limit discoverability for English-speaking users.

Suggestions

Add a 'Use when...' clause with explicit triggers, e.g., 'Use when the user asks about Django security, protecting Django apps, or mentions vulnerabilities in Django projects'

Include common user-facing trigger terms like 'secure my Django app', 'security audit', 'vulnerability prevention', or 'hardening Django'

Consider adding English equivalents of key terms to improve discoverability across language contexts

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific, concrete security actions: authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configuration. These are concrete, actionable security domains. | 3 / 3 |
| Completeness | Describes WHAT (security best practices for Django) but completely lacks a 'Use when...' clause or any explicit trigger guidance for WHEN Claude should select this skill. Per rubric guidelines, missing explicit trigger guidance caps completeness at 2, and this has no 'when' component at all. | 1 / 3 |
| Trigger Term Quality | Contains relevant technical terms (CSRF, SQL injection, XSS, Django) that security-focused users would use, but is missing common variations like 'security audit', 'vulnerability', 'secure coding', or English equivalents that users might naturally say. | 2 / 3 |
| Distinctiveness / Conflict Risk | Django-specific focus provides some distinctiveness, but could overlap with general web security skills, Python security skills, or other framework security skills. The security topics listed are common across many web frameworks. | 2 / 3 |
| Total | | 8 / 12 |

Passed

Implementation

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a comprehensive Django security reference with excellent actionable code examples covering authentication, authorization, SQL injection, XSS, CSRF, and deployment security. However, it's verbose for a skill file, lacks validation/verification workflows for confirming security measures are working, and would benefit from being split into a concise overview with links to detailed topic files.

Suggestions

Add validation steps showing how to verify security configurations are working (e.g., 'Test CSRF: submit form without token, expect 403')

Split into SKILL.md overview + separate files for detailed topics (API_SECURITY.md, FILE_UPLOADS.md, CSP.md) to improve progressive disclosure

Remove explanatory comments that state the obvious (e.g., '# CRITICAL: Never use True in production') - Claude knows DEBUG=False is required for production

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is comprehensive but includes some unnecessary explanations (e.g., comments like '# CRITICAL: Never use True in production' and verbose section introductions). Some sections could be tightened, though most code examples are lean. | 2 / 3 |
| Actionability | Provides fully executable, copy-paste ready code examples throughout. Each security topic includes concrete Python/Django code with proper imports, settings configurations, and implementation patterns. | 3 / 3 |
| Workflow Clarity | While individual security configurations are clear, there is no explicit workflow for implementing security holistically. Missing validation steps for verifying security configurations are properly applied (e.g., how to test that CSRF is working, how to verify headers are set). | 2 / 3 |
| Progressive Disclosure | Content is well-organized with clear sections and a summary checklist, but it is a monolithic document (~400 lines) that could benefit from splitting detailed topics (API security, file uploads, CSP) into separate reference files with links from the main skill. | 2 / 3 |
| Total | | 9 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (593 lines); consider splitting into references/ and linking | Warning |
| Total | | 10 / 11 |

Passed

Reviewed
