cookie-security-analyzer
Cookie Security Analyzer - Auto-activating skill for Security Fundamentals. Triggers on: cookie security analyzer, cookie security analyzer Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill cookie-security-analyzerOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is essentially a placeholder that provides almost no useful information for skill selection. It lacks any concrete actions, meaningful trigger terms, or guidance on when to use it. The only distinguishing element is the word 'Cookie' in the title, which is insufficient for reliable skill matching.
Suggestions
Add specific capabilities: 'Analyzes cookie attributes for security issues including HttpOnly, Secure, SameSite flags, expiration settings, and domain scope'
Include a 'Use when...' clause with natural triggers: 'Use when reviewing cookie security, analyzing session management, checking for cookie vulnerabilities, or auditing web application security'
Add relevant file types or contexts: 'Works with HTTP headers, browser developer tools output, Set-Cookie headers, or web application security audits'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Cookie Security Analyzer') without describing any concrete actions. There are no specific capabilities listed like 'analyzes cookie attributes', 'checks HttpOnly flags', or 'identifies security vulnerabilities'. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' field just repeats the skill name rather than providing meaningful trigger scenarios. | 1 / 3 |
Trigger Term Quality | The trigger terms are just the skill name repeated twice ('cookie security analyzer, cookie security analyzer'). Missing natural user terms like 'cookies', 'session security', 'HttpOnly', 'SameSite', 'web security', or 'browser cookies'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'Cookie Security' is somewhat specific to a niche domain, but without concrete actions or clear triggers, it could overlap with general security analysis skills or web security tools. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill is an empty template with no actual content about cookie security analysis. It contains only meta-descriptions of what a skill should do without any actionable guidance, code examples, or security-specific information. The content would be identical if you replaced 'cookie security analyzer' with any other topic.
Suggestions
Add concrete code examples showing how to analyze cookies for security flags (HttpOnly, Secure, SameSite, Path, Domain restrictions)
Include a checklist or workflow for cookie security assessment: 1) Extract cookies, 2) Check each security attribute, 3) Identify vulnerabilities, 4) Recommend fixes
Provide specific examples of insecure vs secure cookie configurations with explanations of the risks
Remove all generic boilerplate ('provides automated assistance', 'follows best practices') and replace with actual technical content
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actual information about cookie security. | 1 / 3 |
Actionability | Contains zero concrete guidance on cookie security analysis. No code examples, no specific security flags to check (HttpOnly, Secure, SameSite), no commands, no actual instructions—just vague descriptions of what the skill supposedly does. | 1 / 3 |
Workflow Clarity | No workflow is defined at all. There are no steps for analyzing cookie security, no validation checkpoints, and no process to follow. The 'Capabilities' section claims step-by-step guidance but provides none. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of placeholder text with no structure for actual learning. No references to detailed materials, no examples file, no API reference—just self-referential trigger phrases. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.