Real-time bidirectional communication with security focus on CSWSH prevention, authentication, and message validation
69
58%
Does it follow best practices?
Impact: Pending. No eval scenarios have been run.
Advisory: Suggest reviewing before use.
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/websocket/SKILL.md
Quality
Discovery
32%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear technical domain (WebSocket security) with some specific security concerns, but lacks actionable trigger guidance and concrete actions. The absence of a 'Use when...' clause significantly limits Claude's ability to know when to select this skill, and the technical jargon (CSWSH) may not match natural user language.
Suggestions
Add a 'Use when...' clause with trigger terms like 'WebSocket', 'real-time communication', 'socket security', 'bidirectional messaging'
Replace or expand the CSWSH acronym and add natural language triggers users would actually say (e.g., 'cross-site WebSocket hijacking', 'secure WebSocket connections')
List specific concrete actions such as 'implement WebSocket handlers', 'validate connection origins', 'secure message protocols'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (WebSocket communication) and mentions specific security concerns (CSWSH prevention, authentication, message validation), but doesn't list concrete actions like 'implement WebSocket handlers' or 'validate origin headers'. | 2 / 3 |
| Completeness | Describes what (WebSocket communication with security focus) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. | 1 / 3 |
| Trigger Term Quality | Includes technical terms like 'WebSocket', 'CSWSH', 'authentication' but uses jargon (CSWSH) that users may not naturally say. Missing common variations like 'real-time messaging', 'socket connections', 'ws://', 'wss://'. | 2 / 3 |
| Distinctiveness Conflict Risk | The WebSocket + security focus provides some distinction, but 'authentication' and 'message validation' could overlap with general security or API skills. The CSWSH mention adds specificity but may be too narrow. | 2 / 3 |
| Total | 7 / 12 Passed | |
Implementation
85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, well-structured security skill with excellent actionability through complete, executable code examples and clear TDD workflows with validation checkpoints. The progressive disclosure is well-implemented with appropriate references to supporting files. Minor improvements could be made by trimming some redundant content like the persona statement and consolidating the multiple summary sections.
Suggestions
Remove the 'You are an expert' persona statement - Claude doesn't need this framing
Consolidate the CSWSH Prevention Summary (Section 7) with the Summary (Section 10) to reduce redundancy
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is reasonably efficient but includes some unnecessary content like the 'You are an expert' persona statement, redundant summaries, and the OWASP mapping table that adds limited value. The core patterns are well-presented but could be tightened. | 2 / 3 |
| Actionability | Excellent executable code examples throughout - complete Python implementations for origin validation, token authentication, rate limiting, and connection management. All patterns are copy-paste ready with proper imports and realistic configurations. | 3 / 3 |
| Workflow Clarity | Clear TDD workflow with explicit steps (write failing test → implement minimum → refactor and verify). The pre-implementation checklist provides explicit validation gates across three phases, and the security decision framework table gives clear guidance for each situation. | 3 / 3 |
| Progressive Disclosure | Well-organized with clear file structure at the top pointing to one-level-deep references (security-examples.md, advanced-patterns.md, threat-model.md). Content is appropriately split between core SKILL.md and reference materials, with clear navigation signals. | 3 / 3 |
| Total | 11 / 12 Passed | |
Validation
75%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 12 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 12 / 16 Passed | |
1086ef2