workers-security

Cloudflare Workers security with authentication, CORS, rate limiting, and input validation. Use when securing APIs, handling JWT/API keys, or encountering auth failures, CORS errors, or XSS/injection vulnerabilities.

96

1.16x
Quality: 93% (Does it follow best practices?)

Impact: 100%, 1.16x (Average score across 3 eval scenarios)

Security by Snyk: Advisory. Suggest reviewing before use.

Evaluation results

100%

32%

User Comments API with Abuse Protection

Input validation and rate limiting

| Criteria | Without context | With context |
| --- | --- | --- |
| Zod import and usage | 0% | 100% |
| 400 on validation failure | 0% | 100% |
| Schema size constraints | 0% | 100% |
| Parameterized D1 queries | 100% | 100% |
| CF-Connecting-IP for rate limit key | 100% | 100% |
| 429 with Retry-After | 100% | 100% |
| Rate limit response headers | 100% | 100% |
| Content-Type validation | 100% | 100% |
| Rate limit state in KV or DO | 100% | 100% |
| Validation before DB operations | 100% | 100% |

100%

Secure Dashboard API Worker

JWT authentication and security headers

| Criteria | Without context | With context |
| --- | --- | --- |
| crypto.subtle HMAC for JWT | 100% | 100% |
| JWT expiration check | 100% | 100% |
| JWT not-before check | 100% | 100% |
| Authorization Bearer extraction | 100% | 100% |
| 401 JSON for auth failures | 100% | 100% |
| X-Content-Type-Options header | 100% | 100% |
| X-Frame-Options header | 100% | 100% |
| HSTS header | 100% | 100% |
| Content-Security-Policy header | 100% | 100% |
| Referrer-Policy header | 100% | 100% |
| Server info header removal | 100% | 100% |
| Secure cookie attributes | 100% | 100% |

100%

8%

Multi-Origin API Gateway for Partner Integrations

CORS configuration and secrets management

| Criteria | Without context | With context |
| --- | --- | --- |
| No wildcard CORS origin | 100% | 100% |
| Origin allowlist validation | 100% | 100% |
| OPTIONS preflight handled first | 100% | 100% |
| Vary: Origin header | 100% | 100% |
| Access-Control-Max-Age on preflight | 0% | 100% |
| No Origin-based access control | 100% | 100% |
| Secrets via Wrangler, not hardcoded | 100% | 100% |
| Constant-time secret comparison | 100% | 100% |
| No secret logging | 100% | 100% |
| No secrets in responses | 100% | 100% |

Repository: secondsky/claude-skills

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
