REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
95
93%
Does it follow best practices?
Impact
96%
1.21x average score across 3 eval scenarios
Passed
No known issues
Quality
Discovery: 100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that effectively communicates both capabilities and usage triggers. It uses third person voice, lists specific security measures, and provides clear trigger scenarios that would help Claude distinguish this skill from general API development or other security-related skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'authentication, rate limiting, input validation, security headers'. These are distinct, actionable security measures rather than vague language. | 3 / 3 |
| Completeness | Clearly answers both what ('REST API security hardening with authentication, rate limiting, input validation, security headers') and when ('Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues'). | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'security audits', 'vulnerabilities', 'injection attacks', 'CORS issues', 'production APIs', 'rate limiting'. Good coverage of terms developers actually use when facing API security concerns. | 3 / 3 |
| Distinctiveness / Conflict Risk | Clear niche focused specifically on REST API security with distinct triggers like 'injection attacks', 'CORS issues', 'security headers'. Unlikely to conflict with general coding or non-security API skills. | 3 / 3 |
| Total | | 12 / 12 (Passed) |
Implementation: 87%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable security skill with excellent code examples and efficient token usage. The content provides copy-paste ready implementations for common security patterns. The main weakness is the lack of explicit workflow guidance for implementing and verifying these security measures in sequence.
Suggestions

- Add a brief implementation order section (e.g., '1. Add helmet first, 2. Configure rate limiting, 3. Verify with curl -I') with validation commands to confirm each layer is active.
- Include a simple verification step showing how to test that security headers are being returned (e.g., expected curl output).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient, jumping directly into executable code without explaining what security headers are or why rate limiting matters. Every section provides actionable code without unnecessary preamble. | 3 / 3 |
| Actionability | All code examples are fully executable and copy-paste ready with real library imports, specific configurations, and complete middleware implementations. The validation example shows both setup and error handling. | 3 / 3 |
| Workflow Clarity | The content presents security layers but lacks explicit sequencing for implementation order or validation checkpoints. The checklist is helpful but doesn't guide through a verification workflow to confirm each security measure is working. | 2 / 3 |
| Progressive Disclosure | Clear structure with focused sections, a concise overview, and well-signaled reference to additional implementations in a separate file. The main content stays focused on Express/JavaScript while pointing to Python/Nginx alternatives. | 3 / 3 |
| Total | | 11 / 12 (Passed) |
Validation: 100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
90d6bd7