backend-security-coder

Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.

60

1.43x

Quality: 43% (Does it follow best practices?)

Impact: 86% (1.43x, average score across 3 eval scenarios)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl:

npx tessl skill review --optimize ./skills/backend-security-coder/SKILL.md

Quality

Discovery

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description has good structure with explicit 'Use when' guidance and covers the security domain adequately. However, it relies on category names rather than concrete actions, and the trigger terms could be more comprehensive to capture natural user language variations. The description would benefit from more specific action verbs and additional security-related keywords users commonly use.

Suggestions

Replace category names with concrete actions: 'Implements JWT/OAuth authentication, validates and sanitizes user inputs, secures REST/GraphQL APIs against injection attacks'

Add common security trigger terms users would naturally say: 'SQL injection', 'XSS', 'OWASP', 'auth', 'login security', 'secure endpoints', 'vulnerability'

Dimension / Reasoning / Score

Specificity (2 / 3): Names the domain (backend security) and lists some actions (input validation, authentication, API security), but these are categories rather than concrete actions like 'validate user inputs', 'implement JWT authentication', or 'sanitize API endpoints'.

Completeness (3 / 3): Clearly answers both what (secure backend coding practices in input validation, authentication, API security) and when (PROACTIVELY for backend security implementations or security code reviews) with explicit trigger guidance.

Trigger Term Quality (2 / 3): Includes relevant terms like 'backend security', 'input validation', 'authentication', 'API security', and 'security code reviews', but misses common variations users might say like 'auth', 'login security', 'SQL injection', 'XSS', 'OWASP', or 'secure coding'.

Distinctiveness / Conflict Risk (2 / 3): Focuses on backend security, which is somewhat specific, but could overlap with general coding skills, API development skills, or authentication-specific skills. The 'security code reviews' trigger is broad and could conflict with general code review skills.

Total: 9 / 12 (Passed)

Implementation

20%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads like a comprehensive security knowledge taxonomy rather than actionable implementation guidance. It extensively catalogs security concepts Claude already knows without providing the concrete code examples, specific commands, or executable patterns that would make it useful. The content would benefit from dramatic reduction and replacement of descriptive lists with actual implementation examples.

Suggestions

Replace the extensive 'Capabilities' lists with 2-3 concrete, executable code examples for the most common security tasks (e.g., parameterized query implementation, JWT validation, input sanitization)

Remove 'Behavioral Traits' and 'Knowledge Base' sections entirely - these describe what Claude already knows

Add validation checkpoints to the 'Response Approach' workflow (e.g., 'Verify with OWASP ZAP scan before deployment')

Move detailed capability lists to the referenced 'implementation-playbook.md' and keep SKILL.md as a lean quick-start guide

Dimension / Reasoning / Score

Conciseness (1 / 3): Extremely verbose, with extensive lists of concepts Claude already knows (OWASP Top 10, JWT, OAuth, bcrypt, etc.). The 'Capabilities' section reads like a textbook table of contents rather than actionable guidance, and 'Behavioral Traits' describes generic security principles Claude inherently understands.

Actionability (1 / 3): No executable code, no concrete commands, no specific examples. Content is entirely descriptive ('Implement secure user authentication') without showing HOW. The 'Example Interactions' are just prompts, not actual implementation guidance.

Workflow Clarity (2 / 3): The 'Response Approach' section provides a numbered sequence of steps, but lacks validation checkpoints, feedback loops, or concrete verification steps. For security-critical operations, missing validation is a significant gap.

Progressive Disclosure (2 / 3): References 'resources/implementation-playbook.md' for detailed examples, which is good progressive disclosure. However, the main content is a monolithic wall of categorized lists that could be better organized into separate reference files.

Total: 6 / 12 (Passed)

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

Criteria / Description / Result

frontmatter_unknown_keys: Unknown frontmatter key(s) found; consider removing or moving to metadata (Warning)

Total: 10 / 11 (Passed)

Repository: sickn33/antigravity-awesome-skills (Reviewed)
