This skill enables Claude to check session security implementations within a codebase. It analyzes session management practices to identify potential vulnerabilities. Use this skill when a user requests to "check session security", "audit session handling", "review session implementation", or asks about "session security best practices" in their code. It helps identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks. This skill leverages the session-security-checker plugin.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill checking-session-security
91
Quality
60%
Does it follow best practices?
Impact
97%
1.02x
Average score across 9 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/session-security-checker/skills/session-security-checker/SKILL.md
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities (session ID security, expiration, fixation attacks), includes natural trigger terms users would actually say, explicitly states when to use it, and carves out a distinct niche in session security that won't conflict with broader security skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'analyzes session management practices', 'identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both what (checks session security implementations, identifies vulnerabilities like insecure session IDs, session expiration issues, session fixation attacks) AND when (explicit 'Use this skill when...' clause with multiple trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'check session security', 'audit session handling', 'review session implementation', 'session security best practices'. These are realistic phrases a developer would use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Has a clear niche focused specifically on session security with distinct triggers like 'session fixation attacks', 'session IDs', 'session expiration'. Unlikely to conflict with general security or code review skills due to the specific session focus. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
20%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is largely descriptive rather than instructive. It explains what the skill does conceptually but fails to provide any concrete implementation details, commands, or code examples for actually using the session-security-checker plugin. The content wastes tokens on generic security advice Claude already knows while omitting the specific, actionable guidance needed to execute the skill.
Suggestions
Add concrete commands or code showing how to invoke the session-security-checker plugin (e.g., `session-security-checker scan ./src`)
Remove generic security explanations (session fixation definition, basic best practices) that Claude already knows
Provide a concrete example showing actual input code and the expected output/report format
Add specific validation steps and error handling for when the plugin encounters issues
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what session fixation is, what session expiration means, basic security concepts). The 'When to Use This Skill' section repeats information from the description, and 'Best Practices' lists generic security advice Claude would already know. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. The skill describes what it will do abstractly ('analyze the code', 'identify vulnerabilities') but provides no actual implementation details, tool invocations, or specific commands to run the session-security-checker plugin. | 1 / 3 |
| Workflow Clarity | Steps are listed (Analyze, Identify, Generate Report) but lack specifics on how to execute them. No validation checkpoints, no error handling, and no concrete workflow for using the mentioned plugin. The examples describe outcomes but not the actual process. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline in one file. The 'Integration' section hints at other plugins but provides no references. For a skill of this length, the structure is acceptable but could benefit from linking to detailed documentation or examples. | 2 / 3 |
| Total | | 6 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.