security-hardening
Security architecture including authentication, authorization, RLS policies, CSP, input validation, and API security. Use when implementing auth flows, writing RLS policies, configuring CSP/headers, validating inputs, or auditing security. Trigger terms: RLS, CSP, Server Actions, Zod, auth flow
100
100%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that clearly defines its security architecture domain with specific capabilities, explicit 'Use when' triggers, and distinct trigger terms. It uses proper third-person voice throughout and covers both common user language and technical terms. The description is concise yet comprehensive, making it easy for Claude to distinguish from other skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and domains: authentication, authorization, RLS policies, CSP, input validation, API security, auth flows, configuring headers, validating inputs, auditing security. | 3 / 3 |
Completeness | Clearly answers both 'what' (security architecture including authentication, authorization, RLS policies, CSP, input validation, API security) and 'when' (explicit 'Use when' clause with specific triggers like implementing auth flows, writing RLS policies, configuring CSP/headers, validating inputs, auditing security). | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms users would say: 'RLS', 'CSP', 'Server Actions', 'Zod', 'auth flow', 'authentication', 'authorization', 'input validation', 'API security'. These cover both acronyms and full terms users commonly use. | 3 / 3 |
Distinctiveness Conflict Risk | Clearly carved out niche around security architecture with distinct trigger terms like RLS, CSP, Zod, and auth flows. Unlikely to conflict with general coding or database skills due to the security-specific focus and explicit trigger terms. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
100%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is an excellent security skill that covers a broad architecture concisely using tables, provides executable code examples for every major concern (CSP, RLS, Zod, cron auth), and includes a well-structured implementation checklist with validation checkpoints. The progressive disclosure is well-handled with appropriate cross-references to related skills without nesting deeply.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient throughout. Tables are used effectively to compress information, no concepts are over-explained, and Claude's intelligence is respected. Every section delivers actionable information without padding. | 3 / 3 |
Actionability | Provides fully executable code examples for CSP configuration, middleware, RLS verification, Zod validation in Server Actions, and cron authorization. Commands like `openssl rand -hex 32` and SQL verification queries are copy-paste ready. | 3 / 3 |
Workflow Clarity | The implementation checklist provides a clear sequence with explicit validation checkpoints (CI checks for RLS, integration smoke tests, header validation with curl, security audit gates blocking merges). The RLS section includes a test-then-verify feedback loop pattern. | 3 / 3 |
Progressive Disclosure | Content is well-structured with clear sections, uses tables for overview information, and appropriately references external skills (database skill for RLS details, api-patterns for Server Actions, session-checkpoints) with one-level-deep links. The main file stays focused while pointing to authoritative sources. | 3 / 3 |
Total | 12 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- monkilabs/opencastle
- Commit
18c6f2c
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.