This skill enables Claude to validate Cross-Origin Resource Sharing (CORS) policies. It uses the cors-policy-validator plugin to analyze CORS configurations and identify potential security vulnerabilities. Use this skill when the user requests to "validate CORS policy", "check CORS configuration", "analyze CORS headers", or asks about "CORS security". It helps ensure that CORS policies are correctly implemented, preventing unauthorized cross-origin requests and protecting sensitive data.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill validating-cors-policies
Quality
55%
Does it follow best practices?
Impact
83%
1.07x
Average score across 3 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-batch-20251204-000554/plugins/security/cors-policy-validator/skills/cors-policy-validator/SKILL.md
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description with excellent trigger terms and completeness. It clearly defines when to use the skill with explicit trigger phrases and has a distinct niche. The main weakness is that the specific capabilities could be more concrete - listing specific validation checks or outputs would strengthen the specificity dimension.
Suggestions
Add more specific concrete actions like 'checks allowed origins, validates preflight responses, verifies credential handling, tests wildcard configurations'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (CORS policies) and some actions ('validate', 'analyze', 'identify potential security vulnerabilities'), but doesn't list multiple specific concrete actions like checking specific headers, testing origins, or validating preflight responses. | 2 / 3 |
| Completeness | Clearly answers both what (validates CORS policies, analyzes configurations, identifies security vulnerabilities) AND when with explicit 'Use this skill when...' clause listing specific trigger phrases. | 3 / 3 |
| Trigger Term Quality | Includes good coverage of natural terms users would say: 'validate CORS policy', 'check CORS configuration', 'analyze CORS headers', 'CORS security'. These are realistic phrases users would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focused specifically on CORS policy validation with distinct triggers like 'CORS policy', 'CORS configuration', 'CORS headers'. Unlikely to conflict with general security or web development skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
20%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is overly descriptive and lacks actionable guidance. It explains what the skill does conceptually but never shows how to actually use the cors-policy-validator plugin—no command syntax, no code examples, no expected output formats. The content would benefit from concrete, executable examples and removal of explanatory text that Claude doesn't need.
Suggestions
Add concrete plugin invocation syntax showing exact commands or function calls to use the cors-policy-validator plugin
Include a real example with sample input (e.g., a CORS config snippet) and expected output format
Remove the 'Overview', 'When to Use This Skill', and explanatory sections—this information is already in the skill description metadata
Add validation checkpoints showing how to interpret plugin output and what actions to take for common misconfigurations
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what CORS is, when to use it). Sections like 'Overview', 'When to Use This Skill', and 'How It Works' repeat information without adding actionable value. | 1 / 3 |
| Actionability | No concrete code, commands, or executable examples are provided. The examples describe what the skill 'will do' in abstract terms rather than showing actual plugin invocation syntax, expected inputs, or output formats. | 1 / 3 |
| Workflow Clarity | Steps are listed (analyze, validate, report) but lack specifics on how to invoke the plugin, what parameters to pass, or how to handle validation failures. No validation checkpoints or error recovery guidance. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline with no references to external documentation. The 'Integration' section hints at more but doesn't link anywhere. Structure exists but could be tighter. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |