Unit tests for Spring Security with @PreAuthorize, @Secured, @RolesAllowed. Test role-based access control and authorization policies. Use when validating security configurations and access control logic.
Install with Tessl CLI
npx tessl i github:giuseppe-trisciuoglio/developer-kit --skill unit-test-security-authorization
Overall score: 70%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
N/A
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
Implementation
65%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable skill with excellent code examples covering the full spectrum of Spring Security testing scenarios. The main weaknesses are verbosity (could trim generic advice sections) and the monolithic structure that puts all content in one file rather than using progressive disclosure to separate basic from advanced patterns.
Suggestions
Remove or significantly condense the 'When to Use This Skill', 'Best Practices', and 'Common Pitfalls' sections - Claude knows when to apply security testing and these add ~50 lines of generic content
Add a quick validation step at the start: 'Verify @EnableGlobalMethodSecurity is configured before writing tests' to prevent the most common failure mode
Split into SKILL.md (basic @PreAuthorize/@Secured testing) and ADVANCED.md (custom permission evaluators, expression-based security) with clear navigation links
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is reasonably efficient but includes some unnecessary sections like 'When to Use This Skill' that Claude can infer, and the 'Best Practices' and 'Common Pitfalls' sections contain generic advice that adds bulk without unique value. | 2 / 3 |
| Actionability | Excellent executable code examples throughout - complete test classes with proper imports, annotations, and assertions. The Maven/Gradle setup, MockMvc configuration, and custom permission evaluator tests are all copy-paste ready. | 3 / 3 |
| Workflow Clarity | While individual test patterns are clear, there's no explicit workflow for setting up security testing from scratch. Missing validation steps like 'verify security config is enabled before running tests' or a checklist for common setup issues. | 2 / 3 |
| Progressive Disclosure | Content is well-organized with clear section headers, but it's a monolithic document (~400 lines) that could benefit from splitting advanced topics (custom permission evaluators, expression-based security) into separate files with clear navigation links. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
75%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 12 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 12 / 16 Passed | |
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.