Insecure Deserialization Checker - Auto-activating skill for Security Fundamentals. Triggers on: insecure deserialization checker. Part of the Security Fundamentals skill category.
36
Quality: 3% (Does it follow best practices?)
Impact: 99% (0.99x average score across 3 eval scenarios)
Passed: No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/insecure-deserialization-checker/SKILL.md

Python deserialization vulnerability detection
Criterion                              | Score (1st run) | Score (2nd run)
---------------------------------------|-----------------|----------------
Identifies pickle.loads vulnerability  | 100%            | 100%
OWASP A8 reference                     | 100%            | 100%
Severity classification                | 100%            | 100%
Affected code location                 | 100%            | 100%
Removes pickle in remediation          | 100%            | 100%
Uses safe alternative serialization    | 100%            | 100%
Input validation added                 | 100%            | 100%
Auth bypass risk noted                 | 100%            | 100%
Step-by-step remediation               | 100%            | 100%
Production-ready remediated code       | 100%            | 100%
Without context: $0.2424 · 1m 18s · 13 turns · 14 in / 4,788 out tokens
With context: $0.4886 · 2m 5s · 24 turns · 24 in / 7,118 out tokens
Node.js deserialization vulnerability identification
Criterion                                  | Score (1st run) | Score (2nd run)
-------------------------------------------|-----------------|----------------
Identifies node-serialize as vulnerable    | 100%            | 100%
Names unserialize() as the attack surface  | 100%            | 100%
IIFE/RCE exploitation mechanism            | 100%            | 100%
OWASP reference                            | 100%            | 100%
Removes node-serialize dependency          | 100%            | 100%
Uses JSON-based replacement                | 100%            | 100%
Preserves module API                       | 100%            | 100%
Input validation in loadSession            | 100%            | 75%
Remediation steps included                 | 100%            | 100%
Exploitation scenario described            | 100%            | 100%
Without context: $0.4068 · 1m 58s · 20 turns · 20 in / 6,944 out tokens
With context: $0.5522 · 2m 21s · 29 turns · 60 in / 7,582 out tokens
Multi-language deserialization scanner tool
Criterion                                   | Score (1st run) | Score (2nd run)
--------------------------------------------|-----------------|----------------
Detects Python pickle pattern               | 100%            | 100%
Detects Python yaml.load pattern            | 100%            | 100%
Detects Python jsonpickle pattern           | 100%            | 100%
Detects Node.js node-serialize pattern      | 100%            | 100%
Detects Java ObjectInputStream pattern      | 100%            | 100%
No false positive on safe code              | 100%            | 100%
Findings include file path and line number  | 100%            | 100%
Step-by-step scanner approach               | 100%            | 100%
README references security standards        | 100%            | 100%
README covers all three languages           | 100%            | 100%
Scanner is executable                       | 100%            | 100%
Without context: $0.5448 · 2m 26s · 25 turns · 26 in / 9,105 out tokens
With context: $0.7519 · 2m 51s · 35 turns · 333 in / 10,320 out tokens
994edc4