504-frameworks-micronaut-security
Use when you need to design, review, or improve security in Micronaut applications — including micronaut-security authentication, @Secured and intercept-url-map rules, JWT/session strategies, SecurityService checks, CORS, CSRF awareness for browser apps, rejection handlers, and sensitive-data-safe logging. This should trigger for requests such as Add Micronaut security support; Review Micronaut security configuration; Improve API authorization in Micronaut; Add JWT security in Micronaut; Harden Micronaut route authorization rules. Part of cursor-rules-java project
64
75%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/504-frameworks-micronaut-security/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that excels across all dimensions. It provides specific capabilities, natural trigger terms with example queries, explicit 'Use when' guidance, and is clearly scoped to Micronaut security, making it highly distinguishable from other skills. The description is comprehensive without being unnecessarily verbose.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and capabilities: authentication, @Secured and intercept-url-map rules, JWT/session strategies, SecurityService checks, CORS, CSRF awareness, rejection handlers, and sensitive-data-safe logging. | 3 / 3 |
Completeness | Clearly answers both 'what' (design, review, improve security in Micronaut applications with specific capabilities listed) and 'when' (explicit 'Use when' clause at the start plus 'This should trigger for requests such as...' with concrete example queries). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'Micronaut security', 'JWT', 'authentication', 'authorization', 'CORS', 'CSRF', plus explicit example phrases like 'Add JWT security in Micronaut' and 'Harden Micronaut route authorization rules'. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive — scoped specifically to Micronaut framework security, with framework-specific terms like 'micronaut-security', '@Secured', 'intercept-url-map', and 'SecurityService' that clearly distinguish it from generic security or other framework security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a well-structured but overly thin wrapper that delegates nearly all substantive content to an external reference file. It provides good build verification commands and a clear workflow skeleton, but lacks any concrete security code examples, configuration snippets, or actionable patterns in the body itself. The redundancy between the 'What is covered' and 'When to use' sections wastes tokens without adding value.
Suggestions
Add at least one concrete, executable example in the body—e.g., a minimal @Secured controller annotation or a micronaut-security YAML configuration snippet—so the skill is useful even without reading the reference file.
Remove or merge the 'What is covered' and 'When to use this skill' sections, which are largely redundant with each other and with the skill description.
Expand the workflow's error handling: after 'stop immediately' on compilation failure, add a feedback loop (diagnose → fix → re-compile → proceed) to properly handle recovery.
Include a brief 'bad pattern → good pattern' example inline (e.g., missing @Secured on a controller vs. properly secured) to make the skill immediately actionable.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The 'What is covered' bullet list and 'When to use this skill' section are largely redundant with each other and with the YAML description. The 'Scope' line adds little. However, the constraints and workflow sections are reasonably tight. | 2 / 3 |
Actionability | The skill provides concrete build commands (./mvnw compile, mvn clean verify) and a clear workflow, but all actual security guidance—code examples, configuration patterns, @Secured usage—is deferred entirely to the reference file. The skill body itself contains no executable security code or concrete configuration examples. | 2 / 3 |
Workflow Clarity | The four-step workflow is clearly sequenced and includes compilation/verification checkpoints, but the validation feedback loop is incomplete—it says 'stop immediately' on failure but doesn't describe error recovery or a retry loop. For security changes that can be destructive, this gap caps the score. | 2 / 3 |
Progressive Disclosure | The skill correctly references a single external file (references/504-frameworks-micronaut-security.md) for detailed content, which is good one-level-deep disclosure. However, since no bundle files were provided, we cannot verify the reference exists or assess its quality. The skill body itself is thin—it could include at least a minimal concrete example to be useful standalone before deferring to the reference. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- jabrena/cursor-rules-java
- Commit
b60c43e
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.