Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
Score: 55
Does it follow best practices? 62%
Impact: — (No eval scenarios have been run)
Advisory: Suggest reviewing before use
Optimize this skill with Tessl: npx tessl skill review --optimize ./.claude/skills/security-review/SKILL.md

Input validation, secrets management, SQL injection prevention, rate limiting
Check                                Score 1   Score 2
Zod schema import                    0%        100%
Email field validation               100%      100%
String field constraints             100%      100%
Secrets from env vars                100%      100%
Env var existence check              0%        100%
.gitignore for env files             100%      100%
Parameterized queries                100%      100%
No SQL string concatenation          100%      100%
Rate limiter applied                 100%      100%
Generic error response               100%      100%
No sensitive data logged             100%      100%
XSS prevention, JWT cookie security, CSP headers, CSRF protection

Check                                Score 1   Score 2
isomorphic-dompurify import          0%        100%
DOMPurify.sanitize called            0%        100%
ALLOWED_TAGS restriction             0%        100%
ALLOWED_ATTR empty                   0%        100%
CSP header in next.config            0%        100%
httpOnly cookie for auth             100%      100%
No localStorage for token            100%      100%
SameSite=Strict on cookie            100%      100%
HttpOnly flag on cookie              100%      100%
CSRF token verification              0%        0%
CI/CD OIDC authentication, secrets scanning, IAM least privilege

Check                                Score 1   Score 2
OIDC credential action               100%      100%
role-to-assume not static keys       100%      100%
id-token permission                  100%      100%
Secrets scanning step                100%      100%
npm ci used                          100%      100%
Dependency vulnerability scan        100%      100%
IAM specific actions                 100%      100%
IAM specific resources               100%      100%
Minimal workflow permissions         100%      100%
No static credentials in workflow    100%      100%
b09913f