csrf-protection-validator

Csrf Protection Validator - Auto-activating skill for Security Fundamentals. Triggers on: csrf protection validator, csrf protection validator Part of the Security Fundamentals skill category.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill csrf-protection-validator

Overall score: 19%

Does it follow best practices?

Validation for skill structure

Activation: 7%

This description is severely lacking in substance - it's essentially a placeholder that repeats the skill name without explaining what the skill does or when to use it. The auto-generated format provides no actionable information for Claude to make skill selection decisions. It fails to describe any concrete validation actions or security checks the skill performs.

Suggestions

Add specific actions the skill performs, e.g., 'Validates CSRF token implementation, checks form submissions for proper token handling, audits anti-CSRF mechanisms in web applications'

Include a 'Use when...' clause with natural trigger terms like 'CSRF', 'cross-site request forgery', 'form security', 'token validation', 'request forgery protection'

Remove the redundant trigger listing and replace with meaningful context about what security scenarios this skill addresses

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description contains no concrete actions - only the skill name repeated. It doesn't explain what the skill actually does (e.g., validates CSRF tokens, checks form submissions, audits protection mechanisms). | 1 / 3 |
| Completeness | Neither 'what does this do' nor 'when should Claude use it' is answered. The description only states it's an 'auto-activating skill' without explaining its purpose or trigger conditions. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'csrf protection validator' repeated twice. Missing natural variations users would say like 'CSRF', 'cross-site request forgery', 'form token', 'security token validation', etc. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'CSRF' is fairly specific to a security domain, which provides some distinctiveness. However, the vague 'Security Fundamentals' category and lack of specific actions could cause overlap with other security-related skills. | 2 / 3 |
| Total | | 5 / 12 Passed |

Implementation: 0%

This skill content is essentially a placeholder template with no actual CSRF protection guidance. It contains only generic meta-descriptions about what the skill supposedly does, without any concrete implementation details, code examples, validation techniques, or security-specific instructions. The content fails to teach Claude anything about CSRF protection.

Suggestions

Add concrete code examples showing CSRF token generation, validation, and common framework implementations (e.g., Django, Express, Rails)

Include a clear workflow for validating CSRF protection: 1) Check token presence, 2) Validate token format, 3) Verify token matches session, 4) Handle failures

Provide specific patterns to look for when auditing code for CSRF vulnerabilities (missing tokens, GET requests for state changes, improper SameSite cookie settings)

Replace generic capability descriptions with actionable checklists or decision trees for CSRF protection validation

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actual CSRF-specific information. | 1 / 3 |
| Actionability | No concrete code, commands, or specific guidance for CSRF protection. The content describes what the skill supposedly does but provides zero executable instructions on how to actually validate or implement CSRF protection. | 1 / 3 |
| Workflow Clarity | No workflow is defined. There are no steps, no validation checkpoints, and no actual process for CSRF protection validation. The 'Capabilities' section lists vague promises without any sequenced actions. | 1 / 3 |
| Progressive Disclosure | The content is a flat, uninformative document with no meaningful structure. There are no references to detailed materials, no examples, and no organized sections that would help Claude navigate CSRF protection topics. | 1 / 3 |
| Total | | 4 / 12 Passed |

Validation: 69%

Validation: 11 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | | 11 / 16 Passed |
