CtrlK
BlogDocsLog inGet started
Tessl Logo

504-frameworks-micronaut-security

Use when you need to design, review, or improve security in Micronaut applications — including micronaut-security authentication, @Secured and intercept-url-map rules, JWT/session strategies, SecurityService checks, CORS, CSRF awareness for browser apps, rejection handlers, and sensitive-data-safe logging. This should trigger for requests such as Add Micronaut security support; Review Micronaut security configuration; Improve API authorization in Micronaut; Add JWT security in Micronaut; Harden Micronaut route authorization rules. Part of Plinth Toolkit

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A well-structured, concise overview with a clear validation-gated workflow and good progressive disclosure. Its main weakness is actionability: the body relies on concrete build commands but leaves the actual security implementation guidance abstract and delegated to the reference.

Suggestions

Add one or two short, concrete security snippets (e.g., a minimal @Secured annotation example or a jwt/intercept-url-map YAML block) so the body is actionable without forcing a reference round-trip.

Tighten the abstract workflow step ('Apply framework-aligned changes') by naming the concrete artifact types to produce (controller annotations, application.yml security block, rejection handler).

DimensionReasoningScore

Conciseness

The body is lean (~50 lines), assumes Claude's competence, and avoids explaining concepts Claude already knows; every section earns its place without padding.

3 / 3

Actionability

Concrete build commands are present ('./mvnw compile', './mvnw clean verify'), but the core security guidance is deferred to the reference and workflow steps like 'Implement or refactor security-related configuration/code following the reference patterns' are abstract rather than executable.

2 / 3

Workflow Clarity

The four-step workflow has explicit validation checkpoints (MANDATORY compile-before, SAFETY stop-on-failure, VERIFY after), with a clear compile → stop-if-fail → verify feedback loop.

3 / 3

Progressive Disclosure

The body is a concise overview pointing to a single, well-signaled one-level-deep reference (references/504-frameworks-micronaut-security.md, verified to exist), with content appropriately split between overview and detail.

3 / 3

Total

11

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, specific description with explicit trigger guidance and a clear Micronaut-security niche. The only issue is second-person voice, which costs it a specificity point per the rubric guideline.

Suggestions

Rewrite the description in third person (e.g., 'Use when designing, reviewing, or improving security in Micronaut applications...') to avoid the second-person penalty and recover the specificity point.

DimensionReasoningScore

Specificity

The description lists many concrete capabilities ('micronaut-security authentication, @Secured and intercept-url-map rules, JWT/session strategies, SecurityService checks, CORS, CSRF awareness, rejection handlers, sensitive-data-safe logging'), which would anchor at 3, but it uses second person voice ('Use when you need to design...'), which the guideline penalizes by reducing specificity by 1.

2 / 3

Completeness

It explicitly answers both 'what' (the enumerated security capabilities) and 'when' ('Use when you need to...' plus 'This should trigger for requests such as...'), matching the level-3 anchor.

3 / 3

Trigger Term Quality

It provides natural trigger phrases a user would actually say ('Add Micronaut security support; Review Micronaut security configuration; Improve API authorization in Micronaut; Add JWT security in Micronaut; Harden Micronaut route authorization rules'), giving good coverage of common variations.

3 / 3

Distinctiveness Conflict Risk

It targets a clear niche (security specifically in Micronaut applications) with distinct, framework-specific triggers, making conflict with other skills unlikely.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
jabrena/plinth
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.