workers-security
Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities.
96
93%
Does it follow best practices?
Impact
100%
1.16xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It clearly specifies the platform (Cloudflare Workers), lists concrete security capabilities, and provides explicit trigger conditions with natural developer terminology. The description is concise yet comprehensive, making it easy for Claude to select this skill when users encounter security-related issues in Cloudflare Workers.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'authentication, CORS, rate limiting, input validation' and specific security concerns like 'JWT/API keys', 'auth failures', 'CORS errors', 'XSS/injection vulnerabilities'. | 3 / 3 |
Completeness | Clearly answers both what ('security with authentication, CORS, rate limiting, input validation') and when ('Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities'). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'securing APIs', 'JWT', 'API keys', 'auth failures', 'CORS errors', 'XSS', 'injection vulnerabilities' - these are all terms developers naturally use when encountering these issues. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with 'Cloudflare Workers' as the platform context and specific security domain focus. The combination of platform + security niche makes it unlikely to conflict with general security or general Cloudflare skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
87%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, highly actionable security skill with excellent code examples and efficient use of tokens. The content appropriately assumes Claude's competence while providing concrete, executable patterns. The main weakness is the lack of explicit validation/verification steps to confirm security measures are working correctly.
Suggestions
Add a validation section showing how to verify security implementations are working (e.g., testing JWT rejection with invalid tokens, confirming rate limits trigger correctly)
Include a troubleshooting workflow with explicit checkpoints for debugging common security failures (auth failures, CORS errors)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, providing code examples without explaining basic concepts Claude already knows. Every section delivers actionable information without padding or unnecessary context. | 3 / 3 |
Actionability | Provides fully executable TypeScript code for JWT verification, API key validation, input validation with Zod, security headers, and CORS configuration. All examples are copy-paste ready with complete implementations. | 3 / 3 |
Workflow Clarity | The Quick Security Checklist provides a clear sequence, but lacks explicit validation checkpoints and error recovery feedback loops. For security-critical operations, there's no guidance on verifying that security measures are correctly implemented. | 2 / 3 |
Progressive Disclosure | Excellent structure with a quick checklist overview, followed by detailed sections, and clear one-level-deep references to specific reference files and templates. The 'When to Load References' section provides clear navigation to deeper content. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- secondsky/claude-skills
- Commit
90d6bd7
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.