django-security

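Django security best practices: authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configuration.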

67

1.03x
Quality: 53% (Does it follow best practices?)

Impact: 90%, 1.03x (Average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./docs/zh-CN/skills/django-security/SKILL.md

Evaluation results

100%

7%

Production Deployment Configuration for HealthTrack Django App

Production security settings

| Criteria | Without context | With context |
| --- | --- | --- |
| DEBUG disabled | 100% | 100% |
| ALLOWED_HOSTS from env | 100% | 100% |
| SSL redirect | 100% | 100% |
| Secure cookies | 100% | 100% |
| HSTS full config | 100% | 100% |
| NoSniff and XSS filter | 100% | 100% |
| X-Frame-Options DENY | 100% | 100% |
| HttpOnly cookies | 100% | 100% |
| SameSite cookies | 100% | 100% |
| SECRET_KEY from env | 100% | 100% |
| Missing SECRET_KEY raises error | 100% | 100% |
| Password validator count | 100% | 100% |
| Min password length 12 | 0% | 100% |

88%

1%

User Profile and Document Sharing Feature

File upload validation and XSS prevention

| Criteria | Without context | With context |
| --- | --- | --- |
| Extension allowlist validation | 100% | 100% |
| File size validation | 100% | 100% |
| Validators attached to model/form | 100% | 100% |
| No mark_safe on raw user input | 100% | 100% |
| escape() or format_html() for inline HTML | 100% | 100% |
| Template auto-escape respected | 100% | 100% |
| escapejs in JS context | 91% | 100% |
| ORM for database queries | 100% | 100% |
| CSP header set | 0% | 0% |

83%

API Backend for TaskFlow Project Management Tool

DRF API auth, throttling, and custom user model

| Criteria | Without context | With context |
| --- | --- | --- |
| Custom User model | 100% | 100% |
| Email as USERNAME_FIELD | 100% | 100% |
| AUTH_USER_MODEL configured | 100% | 100% |
| Argon2 primary hasher | 100% | 100% |
| Anon throttle class | 100% | 100% |
| User throttle class | 100% | 100% |
| Throttle rates defined | 100% | 100% |
| IsAuthenticated default permission | 100% | 100% |
| raise_exception in CBV | 0% | 0% |
| Security logging configured | 100% | 100% |
| Password validators present | 100% | 100% |
| CSRF trusted origins | 0% | 0% |

Repository: haniakrim21/everything-claude-code

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
