CtrlK
BlogDocsLog inGet started
Tessl Logo

404-frameworks-quarkus-security

Use when you need to design, review, or improve security in Quarkus applications — including Quarkus Security with JWT/OIDC, basic auth, @RolesAllowed / @Authenticated / @PermitAll, SecurityIdentity, permission checks, path-based authorization in configuration, exception mapping for auth failures, and sensitive-data-safe logging. This should trigger for requests such as Add Quarkus security support; Review Quarkus security configuration; Improve API authorization in Quarkus; Add JWT/OIDC security in Quarkus; Harden Quarkus authorization rules. Part of Plinth Toolkit

69

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A well-structured overview with strong progressive disclosure and explicit validation checkpoints, but it leans on the reference for the actual security guidance and duplicates the description's triggers and capability list in the body.

Suggestions

Remove or compress the 'When to use this skill' and 'What is covered in this Skill?' sections, since they restate the frontmatter description and add little unique value.

Add a short inline example or two of the core security patterns (e.g., a minimal @RolesAllowed endpoint or SecurityIdentity check) so the body is actionable without forcing a reference read for common cases.

Tighten the Constraints labels (MANDATORY/SAFETY/VERIFY/BEFORE APPLYING) into a compact checklist to reduce labeling overhead.

DimensionReasoningScore

Conciseness

Mostly lean and free of concept explanation, but the 'What is covered in this Skill?' and 'When to use this skill' sections largely duplicate the frontmatter description, so the body could be tightened.

2 / 3

Actionability

Concrete build commands are present ('./mvnw compile', 'mvn clean verify'), but the core security task guidance is abstract — 'Implement or refactor security-related configuration/code following the reference patterns' — delegating specifics to the reference rather than giving actionable detail.

2 / 3

Workflow Clarity

A clear four-step sequence pairs with explicit validation checkpoints: compile before changes, 'If compilation fails, stop immediately', and 'mvn clean verify' after, forming a feedback loop for a risky change context.

3 / 3

Progressive Disclosure

The body is a concise overview pointing to a single, clearly signaled, one-level-deep reference (references/404-frameworks-quarkus-security.md) that exists in the bundle.

3 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, specific description that covers concrete security capabilities, natural trigger phrases, and a clear Quarkus-scoped niche with low conflict risk. It answers both what the skill does and when to use it.

DimensionReasoningScore

Specificity

Lists multiple concrete capabilities — 'JWT/OIDC, basic auth, @RolesAllowed / @Authenticated / @PermitAll, SecurityIdentity, permission checks, path-based authorization in configuration, exception mapping for auth failures, and sensitive-data-safe logging' — rather than vague language.

3 / 3

Completeness

Clearly answers both what (design/review/improve Quarkus security with enumerated mechanisms) and when ('Use when you need to design, review, or improve security in Quarkus applications' plus trigger examples).

3 / 3

Trigger Term Quality

Natural request phrases users would say are given explicitly: 'Add Quarkus security support; Review Quarkus security configuration; Improve API authorization in Quarkus; Add JWT/OIDC security in Quarkus; Harden Quarkus authorization rules.'

3 / 3

Distinctiveness Conflict Risk

Scoped tightly to Quarkus security with distinct Quarkus-specific triggers, making overlap with other skills unlikely.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
jabrena/plinth
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.