
validating-cors-policies

This skill enables Claude to validate Cross-Origin Resource Sharing (CORS) policies. It uses the cors-policy-validator plugin to analyze CORS configurations and identify potential security vulnerabilities. Use this skill when the user requests to "validate CORS policy", "check CORS configuration", "analyze CORS headers", or asks about "CORS security". It helps ensure that CORS policies are correctly implemented, preventing unauthorized cross-origin requests and protecting sensitive data.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill validating-cors-policies

66

1.07x

Quality: 55% (Does it follow best practices?)

Impact: 83%, 1.07x (average score across 3 eval scenarios)

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-batch-20251204-000554/plugins/security/cors-policy-validator/skills/cors-policy-validator/SKILL.md

Evaluation results

76%

12%

CORS Security Audit for E-Commerce Platform Pre-Launch

CORS policy file validation report

| Criteria | Without context | With context |
| --- | --- | --- |
| Plugin reference | 0% | 33% |
| Source specification | 100% | 100% |
| Wildcard-credentials conflict | 100% | 100% |
| Exposed sensitive headers | 100% | 100% |
| Wildcard allowed headers | 100% | 100% |
| Overly permissive methods | 100% | 100% |
| Severity classification | 100% | 100% |
| Remediation recommendations | 100% | 100% |
| Heuristic or manual supplement | 0% | 33% |
| Three-step structure | 0% | 33% |

Without context: $0.2198 · 1m 18s · 7 turns · 8 in / 4,346 out tokens

With context: $0.3549 · 1m 38s · 16 turns · 291 in / 5,188 out tokens

78%

9%

CORS Header Review for a Financial Data API

CORS headers analysis with source specification

| Criteria | Without context | With context |
| --- | --- | --- |
| Plugin reference | 0% | 0% |
| Source specification | 40% | 50% |
| Wildcard-credentials conflict | 100% | 100% |
| Debug token exposure | 100% | 100% |
| Sensitive data exposure header | 100% | 100% |
| Per-header assessment | 100% | 100% |
| Impact descriptions | 100% | 100% |
| Concrete recommendations | 100% | 100% |
| Three-step workflow | 37% | 37% |
| No disallowed tools | 0% | 100% |

Without context: $0.2090 · 1m 20s · 6 turns · 7 in / 4,422 out tokens

With context: $0.3751 · 1m 46s · 17 turns · 64 in / 5,927 out tokens

97%

10%

Comprehensive CORS and Cross-Site Scripting Security Assessment

Heuristic supplement and XSS integration assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| Plugin reference | 0% | 100% |
| Source specification | 100% | 100% |
| Heuristic/manual supplement | 100% | 100% |
| XSS intersection analysis | 100% | 100% |
| Wildcard subdomain risk | 100% | 100% |
| Null origin allowance | 100% | 100% |
| Wildcard with credentials on admin | 70% | 100% |
| Session token exposure | 100% | 100% |
| Severity ratings | 100% | 100% |
| Prioritized remediation | 100% | 100% |
| Three-step workflow | 75% | 62% |

Without context: $0.3694 · 2m 21s · 11 turns · 11 in / 7,636 out tokens

With context: $0.6604 · 3m 9s · 23 turns · 22 in / 11,690 out tokens

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
