tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill checking-session-security

This skill enables Claude to check session security implementations within a codebase. It analyzes session management practices to identify potential vulnerabilities. Use this skill when a user requests to "check session security", "audit session handling", "review session implementation", or asks about "session security best practices" in their code. It helps identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks. This skill leverages the session-security-checker plugin.
Validation
75%

| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 12 / 16 Passed | |
Implementation
20%

This skill content is too abstract and verbose, describing what the skill does rather than providing actionable instructions on how to use it. It lacks any concrete code examples, specific commands for the session-security-checker plugin, or executable guidance. The content explains basic security concepts Claude already knows while omitting the critical implementation details needed to actually perform the task.
Suggestions
Add concrete code examples showing how to invoke the session-security-checker plugin with specific commands or API calls
Remove generic explanations of session security concepts (fixation, expiration, etc.) that Claude already understands
Include a specific example of plugin output and how to interpret the results
Add validation steps showing how to verify the security check completed successfully and what to do if issues are found

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what session fixation is, what session expiration means, basic security concepts). The 'When to Use This Skill' section repeats information from the description, and 'Best Practices' lists generic security advice that adds no new value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. The skill describes what it will do abstractly ('analyze the code', 'identify vulnerabilities') but never shows how to actually invoke the session-security-checker plugin or what specific commands/APIs to use. | 1 / 3 |
| Workflow Clarity | Steps are listed (Analyze, Identify, Generate Report) but lack specifics on how to execute each step, what validation looks like, or how to handle errors. No concrete checkpoints or feedback loops for the security review process. | 2 / 3 |
| Progressive Disclosure | Content is reasonably organized with clear sections, but everything is inline in one file. The 'Integration' section hints at other plugins but provides no references. For a skill of this length, the structure is acceptable but could benefit from linking to detailed documentation. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation
100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities (session security analysis with concrete vulnerability types), includes natural trigger terms users would actually say, explicitly states when to use it, and carves out a distinct niche that won't conflict with broader security skills. The description uses proper third-person voice throughout.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'analyzes session management practices', 'identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both what (checks session security implementations, identifies vulnerabilities like insecure session IDs, expiration issues, session fixation) AND when (explicit 'Use this skill when...' clause with specific trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms users would say: 'check session security', 'audit session handling', 'review session implementation', 'session security best practices'. These cover common variations of how users would phrase requests. | 3 / 3 |
| Distinctiveness Conflict Risk | Has a clear niche focused specifically on session security within codebases. The specific vulnerability types mentioned (session IDs, expiration, session fixation) and the explicit trigger terms make it unlikely to conflict with general security or code review skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Reviewed