
senior-backend

Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

82

1.29x
Quality

74%

Does it follow best practices?

Impact

84%

1.29x

Average score across 6 eval scenarios

Security by Snyk

Risky

Do not use without reviewing


Evaluation results

78%

31%

Product Catalog API — Initial Setup

API scaffolding workflow and REST conventions

| Criteria | Without context | With context |
| --- | --- | --- |
| api_scaffolder.py used | 0% | 100% |
| Framework flag provided | 0% | 100% |
| URL path versioning | 0% | 0% |
| Plural noun endpoints | 100% | 100% |
| No verbs in URLs | 100% | 100% |
| Lowercase hyphen URLs | 100% | 100% |
| Success response data wrapper | 30% | 20% |
| Error response structure | 0% | 60% |
| Correct status codes | 100% | 80% |
| OpenAPI spec generated | 25% | 100% |
| Validation middleware present | 100% | 100% |
| Error details array | 50% | 100% |

86%

35%

Database Performance Investigation — Orders Service

Database optimization workflow and indexing

| Criteria | Without context | With context |
| --- | --- | --- |
| Analyze step used | 0% | 100% |
| Migration tool invoked | 25% | 100% |
| Dry-run step included | 0% | 100% |
| Rollback file present | 0% | 100% |
| CREATE INDEX CONCURRENTLY | 100% | 100% |
| Composite index column order | 100% | 100% |
| Covering index used | 0% | 0% |
| N+1 query fix | 100% | 100% |
| Cursor-based pagination | 100% | 100% |
| No SELECT * | 62% | 50% |
| EXPLAIN ANALYZE used | 75% | 75% |
| Verify step included | 33% | 100% |

78%

35%

Auth Service Security Hardening

Security hardening workflow and auth patterns

| Criteria | Without context | With context |
| --- | --- | --- |
| JWT RS256 algorithm | 0% | 0% |
| JWT 15-minute expiry | 100% | 100% |
| JWT secret from env | 100% | 100% |
| bcrypt SALT_ROUNDS=12 | 100% | 100% |
| Zod input validation | 0% | 100% |
| Helmet with HSTS | 50% | 100% |
| CORS specific origins | 0% | 0% |
| express-rate-limit | 62% | 62% |
| Secrets startup validation | 25% | 100% |
| Pino with redact | 0% | 100% |
| Security event logging | 25% | 62% |
| Load tester attack patterns | 0% | 100% |
| Parameterized SQL queries | 100% | 100% |

90%

6%

Payment API Migration: v1 Deprecation and Duplicate Prevention

API versioning deprecation, idempotency, and rate limit headers

| Criteria | Without context | With context |
| --- | --- | --- |
| Deprecation header | 40% | 100% |
| Sunset header | 100% | 100% |
| Link successor header | 100% | 100% |
| v1 and v2 both mounted | 100% | 100% |
| Idempotency key header | 100% | 100% |
| Idempotency Redis TTL 24h | 0% | 0% |
| Idempotency returns cached response | 100% | 100% |
| Rate limit standard headers | 100% | 100% |
| Rate limit on /api/ prefix | 100% | 100% |
| Breaking change: field rename | 100% | 100% |
| Breaking change: type change | 100% | 100% |
| legacyHeaders false | 100% | 100% |

79%

1%

Content Hub: URL Preview Service with Role-Based Access

SSRF prevention, RBAC authorization, and production error handling

| Criteria | Without context | With context |
| --- | --- | --- |
| Blocks 127.x / localhost | 100% | 100% |
| Blocks private IP ranges | 100% | 100% |
| Blocks metadata endpoints | 87% | 100% |
| HTTPS only enforcement | 100% | 100% |
| Allowlist check | 0% | 0% |
| No redirect following | 0% | 0% |
| RBAC permission mapping | 100% | 100% |
| requirePermission middleware | 100% | 100% |
| 403 on permission denied | 100% | 100% |
| Route permissions applied | 100% | 100% |
| No stack trace in production | 100% | 100% |
| Error logged internally | 100% | 100% |
| Generic production message | 100% | 100% |
| Request ID in error response | 0% | 0% |

94%

6%

E-Commerce Analytics Platform: Database Scaling and Optimization

Connection pooling, materialized views, batch operations, and advanced indexing

| Criteria | Without context | With context |
| --- | --- | --- |
| Pool min and max | 100% | 100% |
| Pool idleTimeoutMillis | 100% | 100% |
| Pool statement_timeout | 100% | 100% |
| Materialized view created | 100% | 100% |
| REFRESH CONCURRENTLY | 100% | 80% |
| CREATE INDEX CONCURRENTLY | 50% | 50% |
| Rollback in migration | 100% | 100% |
| Batch update via ANY | 100% | 100% |
| No SELECT * | 100% | 100% |
| EXISTS over IN | 0% | 100% |
| Cursor-based pagination | 100% | 100% |
| Partial or GIN index | 100% | 100% |
| connectionTimeoutMillis | 100% | 100% |

Repository: alirezarezvani/claude-skills
Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
