session-security-checker
Session Security Checker - Auto-activating skill for Security Fundamentals. Triggers on: session security checker, session security checker Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill session-security-checkerOverall
score
17%
Does it follow best practices?
Validation for skill structure
Activation
0%This description is severely lacking across all dimensions. It functions more as a label than a description, providing no information about what the skill actually does, what security aspects it checks, or when it should be activated. The repeated trigger term and vague category reference make it nearly useless for skill selection.
Suggestions
Add specific actions the skill performs, e.g., 'Validates session tokens, checks for session fixation vulnerabilities, analyzes cookie security settings, detects session timeout issues'
Include a 'Use when...' clause with natural trigger terms like 'session security', 'session tokens', 'cookie security', 'session hijacking', 'authentication sessions', 'session management'
Differentiate from other security skills by specifying the exact scope, e.g., 'Focuses specifically on HTTP session security rather than general application security or network security'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description provides no concrete actions - it only names itself ('Session Security Checker') without explaining what it actually does. There are no verbs describing capabilities like 'validates', 'scans', 'detects', etc. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. It only states it's an 'auto-activating skill' for a category without explaining functionality or explicit usage triggers. | 1 / 3 |
Trigger Term Quality | The trigger terms are just the skill name repeated twice ('session security checker, session security checker'). No natural user keywords like 'session', 'authentication', 'token', 'cookie security', or 'session hijacking' are included. | 1 / 3 |
Distinctiveness Conflict Risk | The description is extremely generic - 'Security Fundamentals' could overlap with many security-related skills. Without specific capabilities or triggers, it's impossible to distinguish from other security skills. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%This skill is essentially a placeholder with no substantive content. It repeatedly references 'session security checker' without ever defining what that means or providing any actionable guidance. The entire content consists of meta-descriptions about what the skill claims to do rather than actual instructions, code, or security practices.
Suggestions
Define what 'session security checker' actually means - provide specific security checks like session token validation, timeout verification, secure cookie attributes, etc.
Add executable code examples showing how to implement session security checks (e.g., validating session tokens, checking for session fixation vulnerabilities)
Include a concrete workflow with validation steps: what to check, how to check it, what constitutes a pass/fail, and how to remediate issues
Replace generic capability claims with specific, actionable guidance that Claude can execute
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actionable information. | 1 / 3 |
Actionability | There is zero concrete guidance - no code, no commands, no specific steps, no examples of what session security actually involves. The skill describes what it claims to do rather than instructing how to do anything. | 1 / 3 |
Workflow Clarity | No workflow is defined. The skill mentions 'step-by-step guidance' but provides none. There are no validation steps, no sequence of operations, and no actual process to follow. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of vague descriptions with no structure pointing to detailed materials. References to 'Related Skills' and tags exist but link to nothing actionable. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.