CtrlK
BlogDocsLog inGet started
Tessl Logo

springboot-security

Java Spring Boot 服务中认证/授权、验证、CSRF、密钥、标头、速率限制和依赖安全性的 Spring Security 最佳实践。

92

1.08x
Quality

Does it follow best practices?

Impact

100%

1.08x

Average score across 6 eval scenarios

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

80%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable, concise reference with excellent executable examples, held back by its catalog structure: it lacks a sequenced validation workflow and would benefit from splitting detail into bundled reference files.

Suggestions

Add a short ordered hardening workflow with explicit validation checkpoints (e.g. configure → run dependency scan → verify CSRF/headers in response → fix and re-verify) to lift workflow clarity.

Move deeper material (rate-limit filter variants, full SecurityFilterChain recipes, dependency-scan CI snippets) into a references/ file and link to it from a concise overview, improving progressive disclosure.

DimensionReasoningScore

Conciseness

The body is lean — bullet rules paired with tight, complete code blocks — and assumes Claude's competence, never explaining what JWT, CSRF, or BCrypt are, so essentially every token earns its place.

3 / 3

Actionability

It provides fully executable, copy-paste-ready Java/YAML (JwtAuthFilter, @PreAuthorize controllers, parameterized queries, PasswordEncoder bean, SecurityFilterChain configs, Bucket4j rate-limit filter) with concrete BAD/GOOD contrasts.

3 / 3

Workflow Clarity

Content is organized by topic with a closing pre-deploy checklist, but there is no sequenced multi-step workflow or validate→fix→retry feedback loop; for risky security-configuration work the rubric caps workflow clarity at 2 when validation checkpoints are missing.

2 / 3

Progressive Disclosure

It is one-level with no nested references and cleanly sectioned, but at ~270 lines it is a monolithic catalog spanning many topics that could be split into reference files rather than held entirely inline in SKILL.md.

2 / 3

Total

10

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, specific description with clear natural triggers and a distinct niche, weakened only by the absence of an explicit 'use when' clause. Adding a trigger sentence would raise the completeness dimension.

Suggestions

Append an explicit trigger clause, e.g. 'Use when adding authentication, authorization, input validation, CSRF/CORS, secret management, or rate limiting to a Spring Boot service.'

Keep the current domain enumeration but pair it with concrete user-facing verbs (e.g. 'configure', 'audit', 'harden') to reinforce actionability.

DimensionReasoningScore

Specificity

The description enumerates seven concrete security domains ('认证/授权、验证、CSRF、密钥、标头、速率限制和依赖安全性'), matching the anchor for listing multiple specific concrete actions rather than naming only a domain and a few actions.

3 / 3

Completeness

It clearly states what the skill does (Spring Security best practices across listed areas) but lacks any explicit 'Use when...' / 何时使用 trigger clause, so the 'when' guidance is only implied — per the rubric guideline a missing Use-when clause caps completeness at 2.

2 / 3

Trigger Term Quality

It surfaces natural terms developers actually request — 'Spring Boot', 'Spring Security', '认证/授权', 'CSRF', '速率限制' — giving good coverage of likely user phrasings rather than opaque jargon.

3 / 3

Distinctiveness Conflict Risk

It is tightly scoped to 'Java Spring Boot / Spring Security', a distinct niche with explicit trigger terms unlikely to collide with unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
affaan-m/everything-claude-code
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.