Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations such as hashing passwords with bcrypt/argon2, sanitizing SQL queries with parameterized statements, configuring CORS/CSP headers, validating input with Zod, and setting up JWT tokens. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention, secure session management, and security hardening. For pre-built OAuth/SSO integrations or standalone security audits, consider a more specialized skill.
Score: 97
Quality: 100% (Does it follow best practices?)
Impact: 95% (1.30x average score across 6 eval scenarios)
Passed (No known issues)
Quality
Discovery
Score: 100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that excels across all dimensions. It provides specific concrete actions with named technologies, comprehensive trigger terms that users would naturally use, explicit 'Use when' guidance, and clear boundaries distinguishing it from related skills. The description is well-structured and appropriately detailed without being verbose.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'hashing passwords with bcrypt/argon2', 'sanitizing SQL queries with parameterized statements', 'configuring CORS/CSP headers', 'validating input with Zod', 'setting up JWT tokens'. | 3 / 3 |
| Completeness | Clearly answers both what (custom security implementations with specific examples) and when ('Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities'). Also includes helpful exclusion guidance for OAuth/SSO. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'authentication', 'authorization', 'input validation', 'encryption', 'OWASP Top 10', 'secure session management', 'security hardening', 'bcrypt', 'argon2', 'JWT', 'CORS', 'CSP', 'Zod'. | 3 / 3 |
| Distinctiveness / Conflict Risk | Clear niche focused on custom security implementations with distinct triggers. Explicitly differentiates from OAuth/SSO integrations and standalone security audits, reducing conflict risk with related skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
Score: 100%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is an exemplary security skill that balances comprehensive coverage with token efficiency. It provides executable code examples for all critical security patterns, clear validation checkpoints with specific test cases, and well-organized progressive disclosure to detailed references. The MUST DO/MUST NOT DO constraints are concrete and actionable.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is lean and efficient, assuming Claude's competence with security concepts. No unnecessary explanations of what bcrypt is or why SQL injection is bad; it jumps straight to actionable patterns and code. | 3 / 3 |
| Actionability | Provides fully executable TypeScript code examples for all major security patterns (password hashing, parameterized queries, Zod validation, JWT, full endpoint). Code is copy-paste ready with proper imports and realistic configurations. | 3 / 3 |
| Workflow Clarity | Clear 5-step workflow with an explicit validation checkpoints section detailing specific tests for authentication, authorization, input handling, and headers. Includes concrete test payloads and verification methods. | 3 / 3 |
| Progressive Disclosure | Well-structured with a reference table pointing to one-level-deep topic files (owasp-prevention.md, authentication.md, etc.) with clear 'Load When' guidance. Core content stays in SKILL.md while detailed guidance is appropriately externalized. | 3 / 3 |
| Total | | 12 / 12 Passed |
Validation
Score: 100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.