
session-security-checker

Session Security Checker - Auto-activating skill for Security Fundamentals. Triggers on: session security checker, session security checker. Part of the Security Fundamentals skill category.

34

1.02x

Quality: 3% (Does it follow best practices?)

Impact: 90%, 1.02x (Average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/session-security-checker/SKILL.md

Evaluation results

84%

1%

Session Security Audit for Customer Portal

Session cookie vulnerability detection

| Criteria | Without context | With context |
|---|---|---|
| HttpOnly flag detection | 100% | 100% |
| Secure flag detection | 100% | 100% |
| SameSite attribute detection | 100% | 100% |
| Session secret weakness | 100% | 100% |
| Session timeout absence | 30% | 40% |
| Vulnerability references | 0% | 0% |
| Remediation code provided | 100% | 100% |
| No secrets in code | 100% | 100% |
| resave/saveUninitialized detection | 100% | 100% |
| Step-by-step structure | 100% | 100% |

Without context: $0.2154 · 1m 15s · 8 turns · 9 in / 4,438 out tokens

With context: $0.3768 · 1m 36s · 18 turns · 19 in / 5,707 out tokens

96%

4%

Session Management for a New SaaS API

Secure session implementation and coding practices

| Criteria | Without context | With context |
|---|---|---|
| Crypto-secure token generation | 100% | 100% |
| No hardcoded secrets | 33% | 66% |
| Session regeneration after login | 100% | 100% |
| Session expiry/timeout | 100% | 100% |
| Input validation on auth endpoints | 100% | 100% |
| HttpOnly cookie flag | 100% | 100% |
| Secure cookie flag | 100% | 100% |
| Logout destroys session | 100% | 100% |
| Protected route auth check | 100% | 100% |
| npm package used | 100% | 100% |

Without context: $0.3907 · 1m 38s · 25 turns · 25 in / 5,414 out tokens

With context: $0.5073 · 1m 57s · 30 turns · 286 in / 6,782 out tokens

90%

Session Security Checker Tool

Session security standards validation and reporting

| Criteria | Without context | With context |
|---|---|---|
| Standards reference | 0% | 0% |
| Checks cookie flags | 100% | 100% |
| Checks session timeout | 100% | 100% |
| Checks token entropy | 100% | 100% |
| Authentication coverage | 100% | 100% |
| Input validation check | 100% | 100% |
| Vulnerability detection scope | 100% | 100% |
| Structured output | 100% | 100% |
| Runnable with npm | 100% | 100% |
| No hardcoded test secrets | 100% | 100% |

Without context: $0.4695 · 1m 51s · 25 turns · 26 in / 7,089 out tokens

With context: $0.6279 · 2m 28s · 29 turns · 27 in / 9,344 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
