path-traversal-finder

Path Traversal Finder - Auto-activating skill for Security Fundamentals. Triggers on: path traversal finder, path traversal finder Part of the Security Fundamentals skill category.

0.98x

Quality

Does it follow best practices?

Impact

98%

0.98x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/path-traversal-finder/SKILL.md

Evaluation results

100%

Secure File Download API

Path traversal prevention in file serving

Criteria

Without context

With context

Path canonicalization

100%

Base directory check

100%

Rejects traversal attempts

100%

Input validation present

100%

No raw concatenation

100%

Error handling

100%

OWASP or standard referenced

100%

Step-by-step explanation

100%

Vulnerability identified

100%

Production-ready structure

100%

Without context: $0.1770 · 41s · 10 turns · 11 in / 2,318 out tokens

With context: $0.4121 · 1m 31s · 26 turns · 59 in / 4,676 out tokens

100%

Codebase Security Audit: File Access Patterns

Path traversal vulnerability detection

Criteria

Without context

With context

Identifies vulnerable patterns

100%

Recognizes safe pattern

100%

Line-level specificity

100%

Remediation steps

100%

Security standard cited

100%

Structured report format

100%

Scanner detects concatenation

100%

Scanner exits non-zero

100%

Scanner structured output

100%

Production-ready scanner

100%

Without context: $1.0547 · 6m 2s · 19 turns · 19 in / 25,916 out tokens

With context: $0.6579 · 2m 51s · 26 turns · 25 in / 11,128 out tokens

96%

-2%

Tenant-Isolated Document Access Service

Authentication and secure path validation

Criteria

Without context

With context

Auth required

100%

Tenant ID from token

100%

Path canonicalization

100%

Tenant directory boundary check

100%

Tenant isolation enforced

100%

Input validation

75%

50%

Error responses

100%

No sensitive info in errors

100%

Security standard cited

100%

Threats documented

100%

Production-ready Flask app

100%

Without context: $0.3786 · 1m 39s · 24 turns · 24 in / 5,439 out tokens

With context: $0.4841 · 2m 7s · 25 turns · 286 in / 6,807 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 994edc4

Evaluated: 18 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Secure File Download API Codebase Security Audit: File Access Patterns Tenant-Isolated Document Access Service

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.