csrf-protection

Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite cookie attributes. Use when securing web forms, protecting state-changing endpoints, or adding a defense-in-depth layer around authenticated, state-changing requests.

Overall score: 90

Quality: 86% (does it follow best practices?)

Impact: 94% (average score across 3 eval scenarios), 1.23x the without-context baseline

Security (by Snyk): Passed, no known issues


Evaluation results

Scenario 1: Secure a Banking Transfer Form Against CSRF Attacks
Task: Express CSRF synchronizer token middleware
Score with context: 90% (22 points above the without-context run)

Criteria                     Without context   With context
Secure token generation      100%              100%
Hex encoding                 100%              100%
Timing-safe comparison         0%              100%
Session token storage        100%              100%
res.locals exposure          100%              100%
Token field names             50%              100%
403 rejection response        50%               50%
Cookie httpOnly flag         100%              100%
Cookie secure flag             0%                0%
Cookie sameSite strict       100%              100%
Cookie maxAge                  0%              100%
Hidden form field            100%              100%
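The criteria above describe a complete synchronizer-token middleware: a CSPRNG token, hex encoded, stored server-side in the session, exposed to templates, checked with a constant-time comparison on unsafe methods, a 403 on failure, and a session cookie carrying HttpOnly, Secure, SameSite=Strict and Max-Age. The following is an added example written for this page, not the Express code the eval graded and not code from the secondsky/claude-skills repository; it implements the same checklist in framework-agnostic Python using only the standard library. The `Request` and `Response` classes, the `session` dict and the cookie name `sid` are assumptions standing in for express-session and `res.locals`. It also sets the Secure flag, which both graded runs missed.

```python
"""Synchronizer-token CSRF protection, framework-agnostic Python (added example).

Request/Response, the `session` dict and the `sid` cookie name are assumptions
standing in for express-session and res.locals.
"""
import hmac
import html
import secrets
from dataclasses import dataclass, field
from http.cookies import SimpleCookie

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SESSION_KEY = "csrfToken"     # server-side copy of the token lives here
FORM_FIELD = "_csrf"          # hidden form field name for HTML forms
HEADER_NAME = "X-CSRF-Token"  # header name for fetch/XHR clients


@dataclass
class Request:
    method: str
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int = 200
    locals: dict = field(default_factory=dict)  # stands in for res.locals


def generate_token() -> str:
    """32 bytes from the OS CSPRNG, hex encoded: 64 characters."""
    return secrets.token_hex(32)


def session_cookie_header(value: str, max_age: int = 3600) -> str:
    """Set-Cookie value for the session cookie: HttpOnly, Secure, SameSite=Strict, Max-Age."""
    c = SimpleCookie()
    c["sid"] = value
    c["sid"]["httponly"] = True
    c["sid"]["secure"] = True
    c["sid"]["samesite"] = "Strict"
    c["sid"]["max-age"] = max_age
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()


def csrf_protect(session: dict, req: Request, res: Response) -> bool:
    """Middleware step: True to continue the chain, False after writing a 403."""
    # Issue one token per session and expose it to templates via res.locals.
    if SESSION_KEY not in session:
        session[SESSION_KEY] = generate_token()
    res.locals["csrfToken"] = session[SESSION_KEY]

    if req.method.upper() in SAFE_METHODS:
        return True

    submitted = req.form.get(FORM_FIELD) or req.headers.get(HEADER_NAME) or ""
    expected = session[SESSION_KEY]
    # Constant-time comparison. Compare bytes so compare_digest cannot raise
    # on a non-ASCII value an attacker submits; a missing token compares as b"".
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        res.status = 403
        return False
    return True


def hidden_field(token: str) -> str:
    """Hidden input for server-rendered forms. The token is hex; escape anyway."""
    return f'<input type="hidden" name="{FORM_FIELD}" value="{html.escape(token)}">'


if __name__ == "__main__":
    sess: dict = {}
    res = Response()
    csrf_protect(sess, Request("GET"), res)          # first request mints the token
    print(session_cookie_header("opaque-session-id"))
    print(hidden_field(res.locals["csrfToken"]))
    forged = Response()
    print(csrf_protect(sess, Request("POST", form={FORM_FIELD: "deadbeef"}), forged), forged.status)
```

The token is bound to the session, so it must be regenerated whenever the session is (login, privilege change); the header path exists so the same middleware serves fetch-based clients that cannot post a hidden field.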

Scenario 2: Add CSRF Protection to a Flask API with React Frontend
Task: Flask + React SPA CSRF integration
Score with context: 92% (32 points above the without-context run)

Criteria                     Without context   With context
Flask-WTF CSRFProtect        100%              100%
CSRF time limit config         0%              100%
SameSite Strict config         0%              100%
Secure cookie config          33%              100%
HttpOnly cookie config       100%              100%
CSRF token endpoint          100%              100%
XSRF-TOKEN cookie              0%              100%
Webhook exemption            100%              100%
useCsrf hook fetch           100%              100%
Cookie token reading          50%              100%
X-CSRF-Token header            0%                0%
credentials include          100%              100%
No localStorage storage      100%              100%

Scenario 3: Implement Stateless CSRF Protection for a Python Microservice
Task: Python double-submit cookie CSRF pattern
Score with context: 100% (no difference from the without-context run, which also passed every criterion)

Criteria                     Without context   With context
hmac.compare_digest usage    100%              100%
Cookie token source          100%              100%
Header token source          100%              100%
Missing token rejection      100%              100%
Mismatch rejection           100%              100%
Decorator pattern            100%              100%
Applied to POST routes       100%              100%
No session dependency        100%              100%
Test: valid request passes   100%              100%
Test: mismatch rejected      100%              100%
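Scenarios 2 and 3 share one mechanism: the server issues a token in a cookie, the client echoes it back in a request header, and the server checks that the two copies match with `hmac.compare_digest`, with no session lookup. Two details from the criteria matter in practice. The token cookie (XSRF-TOKEN) must not be HttpOnly, otherwise the React `useCsrf` hook cannot read it, while the session cookie should be; and the `X-CSRF-Token` header, which both graded runs in scenario 2 omitted, is the step that turns reading the cookie into an actual check. The following is an added example written for this page, not the scenarios' own code and not code from the secondsky/claude-skills repository, showing the decorator pattern, missing-token and mismatch rejection, and a webhook route left unprotected. It goes one step beyond plain double-submit: the token carries an HMAC under a server key, so a token forged by an attacker who can plant cookies on a sibling subdomain is rejected. `Request`, `SERVER_SECRET`, `transfer` and `payment_webhook` are assumptions for illustration.

```python
"""Stateless double-submit cookie CSRF protection with a decorator (added example).

Request, SERVER_SECRET and the two route functions are assumptions. Tokens are
nonce.signature so the server recognises its own tokens without storing them.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from functools import wraps
from http.cookies import SimpleCookie

COOKIE_NAME = "XSRF-TOKEN"    # deliberately not HttpOnly: the SPA reads it
HEADER_NAME = "X-CSRF-Token"  # the SPA sends the cookie value back here
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
SERVER_SECRET = secrets.token_bytes(32)  # assumed: load from config or a KMS in production


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def _sign(nonce: str) -> str:
    return hmac.new(SERVER_SECRET, nonce.encode(), hashlib.sha256).hexdigest()


def issue_token() -> str:
    """Random nonce plus its HMAC; the client stores it only in the cookie, never localStorage."""
    nonce = secrets.token_urlsafe(32)
    return f"{nonce}.{_sign(nonce)}"


def token_is_valid(token: str) -> bool:
    """Constant-time check that the token was minted under SERVER_SECRET."""
    nonce, sep, sig = token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(sig.encode(), _sign(nonce).encode())


def csrf_cookie_header(token: str, max_age: int = 3600) -> str:
    """Set-Cookie value: Secure, SameSite=Strict, Max-Age, and no HttpOnly so JS can read it."""
    c = SimpleCookie()
    c[COOKIE_NAME] = token
    c[COOKIE_NAME]["secure"] = True
    c[COOKIE_NAME]["samesite"] = "Strict"
    c[COOKIE_NAME]["max-age"] = max_age
    c[COOKIE_NAME]["path"] = "/"
    return c[COOKIE_NAME].OutputString()


def csrf_required(handler):
    """Decorator for state-changing routes: cookie and header must carry the same valid token."""
    @wraps(handler)
    def wrapper(req: Request, *args, **kwargs):
        if req.method.upper() not in UNSAFE_METHODS:
            return handler(req, *args, **kwargs)
        cookie_tok = req.cookies.get(COOKIE_NAME)
        header_tok = req.headers.get(HEADER_NAME)
        if not cookie_tok or not header_tok:
            return 403, "CSRF token missing"
        # Constant-time equality of the two submitted copies, then the server signature.
        if not hmac.compare_digest(cookie_tok.encode(), header_tok.encode()):
            return 403, "CSRF token mismatch"
        if not token_is_valid(cookie_tok):
            return 403, "CSRF token not issued by this server"
        return handler(req, *args, **kwargs)
    return wrapper


@csrf_required
def transfer(req: Request):
    return 200, "transfer accepted"


def payment_webhook(req: Request):
    """Third-party webhook: no browser, no cookies, so no CSRF check; authenticate it by provider signature instead."""
    return 200, "webhook accepted"


if __name__ == "__main__":
    tok = issue_token()
    print(csrf_cookie_header(tok))
    print(transfer(Request("POST", cookies={COOKIE_NAME: tok}, headers={HEADER_NAME: tok})))
    print(transfer(Request("POST", cookies={COOKIE_NAME: tok}, headers={HEADER_NAME: issue_token()})))
```

The pattern needs no session, so it scales across stateless replicas as long as every replica holds the same `SERVER_SECRET`; rotating that key invalidates all outstanding tokens, which is the expected trade-off.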

Repository: secondsky/claude-skills
Evaluated with agent: Claude Code
Model: Claude Sonnet 4.6
