
cors-policy-validator

Cors Policy Validator - Auto-activating skill for Security Fundamentals. Triggers on: cors policy validator, cors policy validator. Part of the Security Fundamentals skill category.

36

0.98x

Quality: 3% (Does it follow best practices?)

Impact: 98% (0.98x). Average score across 3 eval scenarios.

Security by Snyk: Passed. No known issues.

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/cors-policy-validator/SKILL.md

Evaluation results

CORS Configuration Security Review

CORS security audit and OWASP validation

Score: 96% (-4%)

| Criteria | Without context | With context |
| --- | --- | --- |
| Wildcard origin flagged | 100% | 100% |
| Credentials + wildcard incompatibility | 100% | 100% |
| Wildcard allowedHeaders flagged | 100% | 100% |
| Sensitive exposedHeaders flagged | 100% | 100% |
| Methods scoped appropriately | 100% | 50% |
| Specific allowed origins | 100% | 100% |
| maxAge set | 100% | 100% |
| Security standard referenced | 100% | 100% |
| Severity ratings present | 100% | 100% |
| Production-ready fixed config | 100% | 100% |

Without context: $0.2066 · 1m 14s · 11 turns · 12 in / 4,103 out tokens

With context: $0.4512 · 2m 7s · 23 turns · 23 in / 6,808 out tokens

Automated CORS Policy Validation Tool

CORS validator script with step-by-step guidance

Score: 100%

| Criteria | Without context | With context |
| --- | --- | --- |
| Script is executable | 100% | 100% |
| Reads from inputs/policies/ | 100% | 100% |
| Wildcard origin + credentials rule | 100% | 100% |
| Wildcard allowedHeaders rule | 100% | 100% |
| Passes clean config | 100% | 100% |
| Structured report output | 100% | 100% |
| Multiple security rules | 100% | 100% |
| Rule descriptions actionable | 100% | 100% |
| Production-ready code | 100% | 100% |
| Step-by-step validation flow | 100% | 100% |

Without context: $0.3337 · 1m 16s · 21 turns · 20 in / 4,835 out tokens

With context: $0.4638 · 1m 30s · 29 turns · 330 in / 5,609 out tokens

Remediate CORS Vulnerabilities Across Microservices

Secure coding practices and vulnerability remediation

Score: 100%

| Criteria | Without context | With context |
| --- | --- | --- |
| Auth wildcard+credentials flagged | 100% | 100% |
| Auth attack scenario explained | 100% | 100% |
| User broken validator flagged | 100% | 100% |
| Data wildcard headers flagged | 100% | 100% |
| Sensitive exposed headers flagged | 100% | 100% |
| Auth service fixed origin | 100% | 100% |
| User service fixed validator | 100% | 100% |
| Data service headers restricted | 100% | 100% |
| maxAge set in auth fix | 100% | 100% |
| Secure coding principle cited | 100% | 100% |

Without context: $0.3542 · 1m 35s · 19 turns · 19 in / 5,141 out tokens

With context: $0.4840 · 1m 59s · 28 turns · 22 in / 6,404 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills

Evaluated

Agent: Claude Code

Model: Claude Sonnet 4.6
