
session-security-checker

Session Security Checker - Auto-activating skill for Security Fundamentals. Triggers on: session security checker, session security checker Part of the Security Fundamentals skill category.

34

1.02x

Quality: 3% (Does it follow best practices?)

Impact: 90%, 1.02x (Average score across 3 eval scenarios)

Security by Snyk: Passed. No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/session-security-checker/SKILL.md

Quality

Discovery

7%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is severely lacking in substance - it essentially only provides a name and category without explaining what the skill actually does or when it should be used. The duplicated trigger term and absence of concrete actions make it nearly impossible for Claude to appropriately select this skill from a pool of alternatives.

Suggestions

Add specific concrete actions the skill performs (e.g., 'Validates session tokens, checks for session fixation vulnerabilities, monitors session timeout configurations, detects potential session hijacking attempts')

Include a 'Use when...' clause with natural trigger terms users would say (e.g., 'Use when the user asks about session management, authentication security, session timeouts, cookie security, or session-based vulnerabilities')

Remove the duplicate trigger term and replace with varied, natural language keywords users might actually use when needing this skill

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions - it only names itself ('Session Security Checker') and mentions it's 'auto-activating' without explaining what it actually does. No specific capabilities like 'validates tokens', 'checks session expiration', or 'detects hijacking' are mentioned. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name, and the 'when' guidance is circular (triggers on its own name). There is no explicit 'Use when...' clause or meaningful trigger guidance. | 1 / 3 |
| Trigger Term Quality | The trigger terms are redundant ('session security checker, session security checker' - literally duplicated) and represent the skill name rather than natural user language. Users would more likely say 'check my session', 'session timeout', 'session hijacking', or 'validate authentication'. | 1 / 3 |
| Distinctiveness Conflict Risk | While 'session security' is somewhat specific to a security domain, the lack of concrete actions means it could overlap with other security-related skills. The mention of 'Security Fundamentals' category provides some context but doesn't clearly distinguish its unique purpose. | 2 / 3 |
| Total | | 5 / 12 |

Passed

Implementation

0%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is essentially a placeholder template with no actual content. It describes what a session security checker skill would do but provides zero actionable guidance, no code examples, no security checks to perform, and no concrete instructions. The entire content could be replaced with 'TODO: Add actual skill content' and convey the same information.

Suggestions

Add concrete code examples showing how to check session security (e.g., validating session tokens, checking expiration, detecting session fixation vulnerabilities)

Define a clear workflow with specific steps: what to check, how to check it, what constitutes a pass/fail, and how to remediate issues

Remove all generic boilerplate ('provides automated assistance', 'follows industry best practices') and replace with specific security checks and their implementations

Include example inputs and expected outputs showing what a session security check looks like in practice

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude doesn't need and add no actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or specific guidance is provided. The skill describes what it does in abstract terms ('provides step-by-step guidance') but never actually provides any guidance, examples, or executable content. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. The content claims to provide 'step-by-step guidance' but contains zero actual steps. There are no validation checkpoints or any sequence to follow. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of vague descriptions with no structure pointing to detailed materials. No references to external files, no organized sections with actual content, just placeholder text. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 |

Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills (Reviewed)
