Security Headers Generator - Auto-activating skill for Security Fundamentals. Triggers on: security headers generator, security headers generator. Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill security-headers-generator
Overall score: 19%
Does it follow best practices?
Validation for skill structure
Activation
7%
This description is essentially a placeholder that provides almost no useful information for skill selection. It lacks concrete actions, meaningful trigger terms, and explicit usage guidance. The only distinguishing element is the domain-specific term 'security headers' but this alone is insufficient for Claude to make informed skill selection decisions.
Suggestions
Add concrete actions the skill performs, e.g., 'Generates HTTP security headers (CSP, CORS, X-Frame-Options, HSTS), analyzes existing header configurations, and recommends security improvements.'
Add a 'Use when...' clause with natural trigger terms like 'Use when the user asks about HTTP security headers, Content-Security-Policy, CORS configuration, XSS protection headers, or securing web application responses.'
Include common variations and file types users might mention, such as '.htaccess', 'nginx config', 'web.config', or specific header names like 'Strict-Transport-Security'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Security Headers Generator') without describing any concrete actions. It doesn't explain what the skill actually does - no mention of generating, configuring, analyzing, or any specific operations. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' section is not a proper 'Use when...' clause and only repeats the skill name. | 1 / 3 |
| Trigger Term Quality | The trigger terms are redundant ('security headers generator' listed twice) and overly specific. Missing natural variations users would say like 'HTTP headers', 'CSP', 'CORS', 'content security policy', 'X-Frame-Options', or 'secure my headers'. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'security headers' is somewhat specific to a particular domain (HTTP security headers), which provides some distinctiveness. However, without concrete actions described, it could still conflict with general security or web development skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
This skill is entirely meta-content with no actual substance. It describes what a security headers generator skill would do without providing any actual security headers, configurations, or implementation guidance. A proper skill would list specific headers (CSP, HSTS, X-Frame-Options, etc.) with concrete configuration examples.
Suggestions
Add actual security headers with concrete examples: Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, etc. with recommended values
Include executable code snippets for common frameworks (Express.js, nginx, Apache) showing how to implement each header
Provide a validation checklist or command to verify headers are correctly set (e.g., curl commands or browser dev tools instructions)
Remove all meta-description content ('This skill provides...', 'When to Use...') and replace with actual actionable guidance
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actual security headers information. | 1 / 3 |
| Actionability | Contains zero concrete guidance - no actual security headers listed, no code examples, no configuration snippets. The entire skill describes what it claims to do rather than providing any executable instructions. | 1 / 3 |
| Workflow Clarity | No workflow exists. Claims to provide 'step-by-step guidance' but includes no steps. There's no sequence, no validation, and no actual process for generating security headers. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of meta-description with no actual content to organize. No references to detailed materials, no structure beyond generic section headers that contain no useful information. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
69%
Validation: 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 11 / 16 Passed | |