Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities.
Install with Tessl CLI
npx tessl i github:secondsky/claude-skills --skill workers-security
Overall score: 92%
Does it follow best practices?
Validation for skill structure
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It clearly specifies the security domain within Cloudflare Workers, lists concrete capabilities, and provides explicit trigger scenarios covering both proactive use cases (securing APIs) and reactive situations (encountering errors/vulnerabilities). The description uses proper third-person voice and maintains conciseness while being comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: authentication, CORS, rate limiting, input validation. These are distinct, actionable security capabilities rather than vague abstractions. | 3 / 3 |
| Completeness | Clearly answers both what (security with authentication, CORS, rate limiting, input validation) AND when (securing APIs, JWT/API keys, auth failures, CORS errors, XSS/injection vulnerabilities) with explicit trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'securing APIs', 'JWT', 'API keys', 'auth failures', 'CORS errors', 'XSS', 'injection vulnerabilities'. These are terms developers naturally use when encountering these issues. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with 'Cloudflare Workers' as the platform context and specific security-focused triggers. Unlikely to conflict with general web security or other platform-specific skills due to the explicit Cloudflare Workers scope. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
87%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong security skill with excellent actionability and conciseness. The code examples are complete and executable, covering all major security concerns for Cloudflare Workers. The main weakness is the lack of explicit validation/verification steps to confirm security measures are working correctly, which is important for security-critical implementations.
Suggestions
- Add a validation section showing how to verify security implementations are working (e.g., testing JWT rejection with invalid tokens, confirming CORS blocks unauthorized origins).
- Include a troubleshooting workflow with explicit checkpoints for debugging common security failures (auth failures, CORS errors).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient, providing code examples without explaining basic concepts Claude already knows. Every section delivers actionable information without padding or unnecessary context. | 3 / 3 |
| Actionability | Provides fully executable TypeScript code for JWT verification, API key validation, input validation with Zod, security headers, and CORS configuration. All examples are copy-paste ready with complete implementations. | 3 / 3 |
| Workflow Clarity | The Quick Security Checklist provides a clear sequence, but lacks explicit validation checkpoints and error recovery feedback loops. For security-critical operations, there's no guidance on verifying that security measures are correctly implemented. | 2 / 3 |
| Progressive Disclosure | Excellent structure with a quick checklist overview, followed by detailed sections. Clear one-level-deep references to specific reference files, templates, and scripts with well-organized tables explaining when to use each. | 3 / 3 |
| Total | 11 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 13 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| Total | 13 / 16 Passed | |