cookie-security-analyzer
Cookie Security Analyzer - Auto-activating skill for Security Fundamentals. Triggers on: cookie security analyzer, cookie security analyzer Part of the Security Fundamentals skill category.
39
Quality
7%
Does it follow best practices?
Impact
99%
1.05xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/cookie-security-analyzer/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that provides almost no useful information for skill selection. It lacks any concrete actions, meaningful trigger terms, or guidance on when to use it. The only distinguishing element is the word 'Cookie' in the title, which is insufficient for reliable skill matching.
Suggestions
Add specific capabilities: 'Analyzes cookie attributes for security issues including HttpOnly, Secure, SameSite flags, expiration settings, and domain scope'
Replace the duplicate trigger terms with natural user phrases: 'cookies', 'session cookies', 'cookie flags', 'HttpOnly', 'SameSite', 'web application security', 'browser cookies'
Add explicit 'Use when...' clause: 'Use when reviewing web application security, auditing cookie configurations, or when users mention cookies, sessions, or browser storage security'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Cookie Security Analyzer') without describing any concrete actions. There are no specific capabilities listed like 'analyzes cookie attributes', 'checks HttpOnly flags', or 'identifies security vulnerabilities'. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' field just repeats the skill name rather than providing meaningful trigger scenarios. | 1 / 3 |
Trigger Term Quality | The trigger terms listed are just the skill name repeated twice ('cookie security analyzer, cookie security analyzer'). Missing natural user terms like 'cookies', 'session security', 'HttpOnly', 'SameSite', 'web security', or 'browser cookies'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'Cookie Security' is somewhat specific to a niche domain, but without concrete actions or clear triggers, it could overlap with general security analysis skills or web security tools. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
7%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a hollow template with no substantive content. It describes what a cookie security analyzer skill would do without providing any actual guidance on analyzing cookie security attributes (HttpOnly, Secure, SameSite, expiration, etc.). The content fails to teach Claude anything it doesn't already know.
Suggestions
Add concrete examples of cookie security analysis: checking for HttpOnly, Secure, SameSite attributes with specific code snippets
Include a clear workflow: 1) Extract cookies, 2) Check each security attribute, 3) Report vulnerabilities with severity ratings
Provide executable code for common scenarios (e.g., parsing Set-Cookie headers, validating cookie configurations)
Remove generic boilerplate sections ('Capabilities', 'Example Triggers') and replace with actionable security analysis guidance
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing specific about cookie security analysis. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude already understands. | 1 / 3 |
Actionability | No concrete guidance whatsoever - no code examples, no specific commands, no actual cookie security analysis techniques. The content describes what the skill does abstractly rather than instructing how to analyze cookie security. | 1 / 3 |
Workflow Clarity | No workflow is defined. Claims to provide 'step-by-step guidance' but contains zero actual steps. No validation checkpoints or process for analyzing cookies. | 1 / 3 |
Progressive Disclosure | The content is organized into clear sections with headers, but there's no actual content to disclose. No references to detailed materials or examples that would provide depth. | 2 / 3 |
Total | 5 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
994edc4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.