Implement security best practices for Guidewire InsuranceSuite including OAuth2, JWT handling, API roles, secure Gosu coding, and data protection. Trigger with phrases like "guidewire security", "oauth2 guidewire", "jwt token", "api roles", "secure gosu code", "guidewire authentication".
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill guidewire-security-basics
83
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It clearly specifies the security domain within Guidewire InsuranceSuite, lists concrete capabilities, and provides explicit trigger phrases that users would naturally use. The combination of platform-specific terminology (Guidewire, Gosu) with security concepts (OAuth2, JWT) creates a distinctive, easily-selectable skill.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: OAuth2, JWT handling, API roles, secure Gosu coding, and data protection. These are distinct, actionable security capabilities. | 3 / 3 |
| Completeness | Clearly answers both what (implement security best practices including OAuth2, JWT, API roles, secure Gosu coding, data protection) and when (explicit 'Trigger with phrases like...' clause with specific examples). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'guidewire security', 'oauth2 guidewire', 'jwt token', 'api roles', 'secure gosu code', 'guidewire authentication'. These are realistic phrases a developer would use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with domain-specific terms like 'Guidewire InsuranceSuite', 'Gosu coding', and 'guidewire authentication'. Unlikely to conflict with generic security skills due to the specific platform focus. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides comprehensive, actionable security implementations for Guidewire with executable code in both TypeScript and Gosu. However, it's verbose for a skill file, includes unnecessary architectural diagrams and prerequisite explanations, and lacks explicit validation checkpoints for security-critical operations. The content would benefit from being split into overview and detailed reference files.
Suggestions
Remove the ASCII architecture diagram and prerequisites section - Claude understands OAuth2/JWT flows and these add tokens without value
Add explicit validation checkpoints between steps, such as 'Test token refresh in isolation before integrating' and 'Verify encryption/decryption round-trip before storing PII'
Split detailed code implementations into separate reference files (e.g., OAUTH2.md, JWT-VALIDATION.md, SECURE-GOSU.md) and keep SKILL.md as a concise overview with links
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill includes some unnecessary elements like the ASCII architecture diagram and verbose explanations, but the code examples are generally efficient. The prerequisites section explains concepts Claude already knows (OAuth2, JWT concepts). | 2 / 3 |
| Actionability | Provides fully executable TypeScript and Gosu code examples that are copy-paste ready. Includes complete implementations for token management, JWT validation, encryption, and middleware with proper error handling. | 3 / 3 |
| Workflow Clarity | Steps are numbered and sequenced, but lacks explicit validation checkpoints between steps. For security implementations involving encryption and authentication, there should be verification steps (e.g., 'test token refresh works before deploying'). | 2 / 3 |
| Progressive Disclosure | Content is mostly inline with only a brief reference to 'guidewire-prod-checklist' at the end. The extensive code examples could be split into separate reference files, with SKILL.md providing an overview and linking to detailed implementations. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
72%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 8 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (511 lines); consider splitting into references/ and linking | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 8 / 11 Passed | |