security-hardening
Security architecture including authentication, authorization, RLS policies, CSP, input validation, and API security. Use when implementing auth flows, writing RLS policies, configuring CSP/headers, validating inputs, or auditing security. Trigger terms: RLS, CSP, Server Actions, Zod, auth flow
100
100%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its security architecture domain with specific capabilities, explicit 'Use when' triggers, and well-chosen trigger terms. It uses proper third-person voice and covers both common user language and technical acronyms. The only minor improvement could be adding a few more natural language variations (e.g., 'security audit', 'row level security', 'content security policy') to catch users who don't use acronyms.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and domains: authentication, authorization, RLS policies, CSP, input validation, API security, auth flows, configuring headers, validating inputs, auditing security. | 3 / 3 |
Completeness | Clearly answers both 'what' (security architecture including authentication, authorization, RLS policies, CSP, input validation, API security) and 'when' (explicit 'Use when' clause with specific triggers like implementing auth flows, writing RLS policies, configuring CSP/headers, validating inputs, auditing security). | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms users would say: 'RLS', 'CSP', 'Server Actions', 'Zod', 'auth flow', 'authentication', 'authorization', 'input validation', 'API security'. These cover both acronyms and full terms users commonly use. | 3 / 3 |
Distinctiveness Conflict Risk | Clearly carved out niche around security architecture with distinct trigger terms like RLS, CSP, Zod, and auth flows. Unlikely to conflict with general coding or database skills due to the security-specific focus and explicit trigger terms. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
100%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is an excellent security skill that covers a broad architecture concisely using tables, provides executable code examples for every major concern (CSP, RLS, Zod, cron auth), and includes a well-sequenced implementation checklist with validation checkpoints. Cross-references are clear and one level deep, and the content respects Claude's intelligence throughout.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient throughout. Tables are used effectively to compress information, no concepts are over-explained, and Claude's intelligence is respected. Every section delivers actionable information without padding. | 3 / 3 |
Actionability | Provides fully executable code examples for CSP configuration, middleware, RLS verification, Zod validation in Server Actions, and cron authorization. Commands like `openssl rand -hex 32` and SQL verification queries are copy-paste ready. | 3 / 3 |
Workflow Clarity | The implementation checklist provides a clear sequence with explicit validation checkpoints (CI checks for RLS, smoke tests for auth, curl for headers, security audit gates). The RLS section includes a test-then-verify feedback loop. Destructive/security operations have validation steps. | 3 / 3 |
Progressive Disclosure | Content is well-structured with clear sections, tables for overview, and one-level-deep cross-references to the database skill for RLS details, api-patterns for Server Actions, and session-checkpoints for related work. The skill stays focused while pointing elsewhere for depth. | 3 / 3 |
Total | 12 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- monkilabs/opencastle
- Commit
f5c8508
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.