CtrlK
CommunityDocumentationLog inGet started
Tessl Logo

validating-cors-policies

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill validating-cors-policies

This skill enables Claude to validate Cross-Origin Resource Sharing (CORS) policies. It uses the cors-policy-validator plugin to analyze CORS configurations and identify potential security vulnerabilities. Use this skill when the user requests to "validate CORS policy", "check CORS configuration", "analyze CORS headers", or asks about "CORS security". It helps ensure that CORS policies are correctly implemented, preventing unauthorized cross-origin requests and protecting sensitive data.

56%

Overall

Validation75%

Implementation20%

Activation90%

SKILL.md
Review
Evals

Validation

75%
CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

metadata_version

'metadata' field is not a dictionary

Warning

license_field

'license' field is missing

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

12

/

16

Passed

Implementation

20%

This skill content is too abstract and descriptive rather than instructive. It explains what the skill does conceptually but fails to provide the concrete plugin invocation syntax, input/output formats, or executable examples that Claude needs to actually perform CORS validation. The content reads more like marketing copy than actionable technical guidance.

Suggestions

Add concrete plugin invocation syntax showing exactly how to call cors-policy-validator with example parameters

Include a complete executable example with sample input (e.g., a CORS policy JSON) and expected output format

Remove explanatory content about what CORS is and why validation matters - Claude already knows this

Add specific error handling guidance showing what to do when validation fails or returns specific error types

DimensionReasoningScore

Conciseness

The content is verbose and explains concepts Claude already knows (what CORS is, why validation matters). Phrases like 'empowers Claude' and 'helping developers build more secure web applications' are filler that don't add actionable value.

1 / 3

Actionability

No concrete code, commands, or executable examples are provided. The examples describe what the skill 'will do' in abstract terms rather than showing actual plugin invocation syntax, expected input formats, or output schemas.

1 / 3

Workflow Clarity

Steps are listed (Analyze, Validate, Report) but lack specifics on how to invoke the cors-policy-validator plugin, what parameters it accepts, or how to handle validation failures. No validation checkpoints or error recovery guidance.

2 / 3

Progressive Disclosure

Content is organized into sections but everything is inline with no references to detailed documentation. The skill could benefit from linking to plugin documentation or example configuration files rather than describing them abstractly.

2 / 3

Total

6

/

12

Passed

Activation

90%

This is a well-structured skill description that clearly communicates its purpose and includes explicit trigger guidance. The description effectively answers when to use the skill with natural user phrases. The main weakness is that the specific capabilities could be more detailed - listing concrete actions like 'check allowed origins', 'validate preflight responses', or 'audit Access-Control headers' would strengthen specificity.

Suggestions

Add more concrete specific actions beyond 'validate' and 'analyze' - e.g., 'check allowed origins, validate preflight responses, audit Access-Control-Allow-* headers'

DimensionReasoningScore

Specificity

Names the domain (CORS policies) and some actions ('validate', 'analyze CORS configurations', 'identify potential security vulnerabilities'), but doesn't list multiple concrete specific actions like checking specific headers, testing origins, or validating preflight responses.

2 / 3

Completeness

Clearly answers both what ('validate CORS policies, analyze configurations, identify security vulnerabilities') and when ('Use this skill when the user requests to validate CORS policy, check CORS configuration, analyze CORS headers, or asks about CORS security').

3 / 3

Trigger Term Quality

Includes good coverage of natural terms users would say: 'validate CORS policy', 'check CORS configuration', 'analyze CORS headers', 'CORS security'. These are realistic phrases users would naturally use when needing this skill.

3 / 3

Distinctiveness Conflict Risk

Has a clear niche focused specifically on CORS policy validation with distinct triggers like 'CORS policy', 'CORS configuration', 'CORS headers'. Unlikely to conflict with general security or web development skills due to the specific CORS focus.

3 / 3

Total

11

/

12

Passed

Reviewed

Table of Contents

ValidationImplementationActivation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill