cors-policy-validator
Cors Policy Validator - Auto-activating skill for Security Fundamentals. Triggers on: cors policy validator, cors policy validator Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill cors-policy-validatorOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely underdeveloped, consisting primarily of auto-generated metadata rather than useful guidance. It fails to explain what the skill actually does, provides no natural trigger terms users would say, and lacks any 'Use when...' guidance. The redundant trigger terms and boilerplate structure suggest this was templated without customization.
Suggestions
Add specific actions the skill performs, e.g., 'Validates CORS headers, checks Access-Control-Allow-Origin configurations, identifies misconfigured cross-origin policies'
Include a 'Use when...' clause with natural triggers like 'Use when debugging CORS errors, reviewing cross-origin security, or checking API access-control headers'
Add common user terms: 'CORS errors', 'cross-origin requests', 'preflight requests', 'Access-Control headers', 'browser blocking requests'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions - it only states it's a 'validator' without explaining what validation means, what it checks, or what outputs it produces. | 1 / 3 |
Completeness | Missing both 'what' (no explanation of validation actions) and 'when' (no 'Use when...' clause or explicit trigger guidance). The description is essentially metadata without substance. | 1 / 3 |
Trigger Term Quality | The trigger terms are redundant ('cors policy validator' listed twice) and overly technical. Missing natural user phrases like 'CORS errors', 'cross-origin', 'access-control headers', or 'browser security'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'CORS' provides some specificity to web security domain, but 'validator' is generic and could overlap with other security validation skills. Lacks clear niche definition. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill content is essentially a placeholder template with no actual instructional value. It describes what the skill claims to do but provides zero actionable guidance on CORS policy validation—no security checks to perform, no code examples, no common misconfigurations to detect, and no validation workflow.
Suggestions
Add concrete examples of CORS policy validation, such as checking for overly permissive Access-Control-Allow-Origin headers or dangerous wildcard configurations
Include executable code snippets showing how to parse and validate CORS headers from HTTP responses
Define a clear workflow: 1) Extract CORS headers, 2) Check against security rules, 3) Report findings with severity levels
Remove generic boilerplate sections ('Capabilities', 'Example Triggers') and replace with actual security validation logic and common vulnerability patterns
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing specific about CORS policy validation. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude doesn't need. | 1 / 3 |
Actionability | No concrete code, commands, or specific guidance is provided. The skill describes what it does in abstract terms but never shows how to actually validate a CORS policy or what to check for. | 1 / 3 |
Workflow Clarity | No workflow is defined. There are no steps, no validation checkpoints, and no process for actually performing CORS policy validation. The content only describes trigger phrases. | 1 / 3 |
Progressive Disclosure | The content is a flat, uninformative document with no structure pointing to detailed materials. There are no references to examples, detailed guides, or related documentation. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.