Use when you need to design, review, or improve security in Quarkus applications — including Quarkus Security with JWT/OIDC, basic auth, @RolesAllowed / @Authenticated / @PermitAll, SecurityIdentity, permission checks, path-based authorization in configuration, exception mapping for auth failures, and sensitive-data-safe logging. This should trigger for requests such as Add Quarkus security support; Review Quarkus security configuration; Improve API authorization in Quarkus; Add JWT/OIDC security in Quarkus; Harden Quarkus authorization rules. Part of cursor-rules-java project
59
67%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/404-frameworks-quarkus-security/SKILL.md
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope (Quarkus security), lists specific capabilities and technologies, and provides explicit trigger guidance with example user requests. The description is comprehensive without being unnecessarily verbose, and its narrow focus on Quarkus security makes it highly distinctive among potential competing skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and technologies: JWT/OIDC, basic auth, @RolesAllowed/@Authenticated/@PermitAll annotations, SecurityIdentity, permission checks, path-based authorization, exception mapping for auth failures, and sensitive-data-safe logging. | 3 / 3 |
| Completeness | Clearly answers both 'what' (design/review/improve security in Quarkus with specific mechanisms listed) and 'when' (explicit 'Use when' clause at the start, plus 'This should trigger for requests such as...' with concrete example triggers). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms users would say: 'Quarkus security', 'JWT', 'OIDC', 'authorization', 'basic auth', '@RolesAllowed', plus example request phrases like 'Add Quarkus security support', 'Harden Quarkus authorization rules'. Good coverage of both technical terms and natural language requests. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly specific to Quarkus security, which is a clear niche. The combination of Quarkus + security + specific annotations and mechanisms makes it very unlikely to conflict with general Java security skills or other Quarkus skills focused on different concerns. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill functions primarily as a pointer to an external reference file rather than providing standalone value. It lacks any concrete code examples, configuration snippets, or specific security patterns — all actionable content is deferred. The workflow structure is reasonable but too abstract, and there is redundancy between the 'What is covered' and 'When to use' sections.
Suggestions
Add at least 2-3 concrete, copy-paste-ready code examples inline (e.g., a @RolesAllowed endpoint, an application.properties OIDC config snippet, a SecurityIdentity check) so the skill provides immediate value without requiring the reference file.
Make workflow steps actionable: replace 'Apply framework-aligned changes' with specific patterns like 'Add @RolesAllowed annotations to JAX-RS endpoints' or 'Configure quarkus.http.auth.permission in application.properties' with concrete examples.
Add a feedback loop to the workflow: specify what to do if verification fails in step 4 (e.g., check common auth misconfigurations, review error output, fix and re-verify).
Consolidate the 'What is covered' and 'When to use this skill' sections — they overlap significantly and waste tokens.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The 'What is covered' bullet list and 'When to use this skill' section are somewhat redundant with each other and with the description. The 'Scope' line adds little. However, it's not egregiously verbose — mostly organizational overhead rather than explaining concepts Claude already knows. | 2 / 3 |
| Actionability | The skill contains no concrete code examples, no specific configuration snippets, no executable commands beyond generic mvnw compile/verify. All substantive guidance is deferred to an external reference file. The body itself provides only vague direction like 'Apply framework-aligned changes' and 'Implement or refactor security-related configuration/code following the reference patterns.' | 1 / 3 |
| Workflow Clarity | The workflow has a clear 4-step sequence with compilation checks before and verification after changes, which is good. However, the steps themselves are abstract ('Gather scope and decide target improvements', 'Apply framework-aligned changes') with no validation checkpoints between steps 2 and 3, and no error recovery/feedback loop if verification fails in step 4. | 2 / 3 |
| Progressive Disclosure | The skill references a single external file (references/404-frameworks-quarkus-security.md) which is one level deep and clearly signaled. However, since no bundle files were provided, we cannot verify the reference exists. More importantly, the SKILL.md itself contains almost no actionable content — it over-delegates to the reference file, making the skill body feel like a thin wrapper rather than a useful overview with key patterns inline. | 2 / 3 |
| Total | | 7 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
0e10f84