Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.
Quality: 37% (Does it follow best practices?)
Impact: — (No eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl:
npx tessl skill review --optimize ./skills/backend-security-coder/SKILL.md
Quality
Discovery: 67%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description has a solid structure with both 'what' and 'when' clauses clearly stated, which is its strongest aspect. However, it operates at a category level rather than listing specific concrete actions, and the trigger terms could be expanded significantly to cover the natural language users would employ when seeking security help. The domain is identifiable but could overlap with adjacent skills.
Suggestions
Add more specific concrete actions like 'sanitize user inputs against SQL injection and XSS, implement JWT/OAuth authentication flows, configure rate limiting and CORS policies'.
Expand trigger terms to include common user phrases like 'SQL injection', 'XSS', 'CSRF protection', 'password hashing', 'OWASP', 'vulnerability', 'secure endpoints', '.env secrets'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (backend security) and some actions (input validation, authentication, API security, security code reviews), but these are more like categories than concrete actions. It doesn't list specific tasks like 'sanitize SQL queries, implement JWT token validation, configure CORS headers'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (secure backend coding practices specializing in input validation, authentication, and API security) and 'when' (Use PROACTIVELY for backend security implementations or security code reviews), with an explicit trigger clause. | 3 / 3 |
| Trigger Term Quality | Includes some relevant keywords like 'input validation', 'authentication', 'API security', and 'security code reviews', but misses many natural user terms like 'SQL injection', 'XSS', 'CSRF', 'OAuth', 'password hashing', 'authorization', 'OWASP', or 'vulnerability'. | 2 / 3 |
| Distinctiveness / Conflict Risk | The focus on 'backend security' provides some distinctiveness, but terms like 'authentication' and 'API security' could overlap with general backend development skills, API design skills, or broader security skills. The scope is somewhat broad within the security domain. | 2 / 3 |
| Total | | 9 / 12 Passed |
Implementation: 7%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a taxonomy/catalog of backend security topics rather than actionable coding guidance. It extensively lists security concepts Claude already knows without providing any concrete code examples, specific configurations, or executable commands. The content would be far more effective if it were reduced to ~20% of its current size and replaced the abstract descriptions with concrete, copy-paste-ready code patterns for the most critical security implementations.
Suggestions
Replace the abstract capability lists with concrete, executable code examples for the most critical patterns (e.g., parameterized queries in Python/Node.js, JWT validation, CSP header configuration, bcrypt password hashing).
Remove the 'Capabilities', 'Knowledge Base', 'Behavioral Traits', and 'Example Interactions' sections entirely — Claude already knows these concepts. Focus only on project-specific conventions or non-obvious implementation details.
Add explicit validation/verification steps to the workflow, such as 'Run OWASP ZAP scan after implementation' or 'Verify CSP headers with: curl -I https://... | grep Content-Security-Policy'.
Move detailed reference material into the referenced 'resources/implementation-playbook.md' bundle file and keep SKILL.md as a concise overview with clear pointers to specific sections.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose and padded with information Claude already knows. The massive capability lists, knowledge base, behavioral traits, and example interactions are all things Claude inherently understands about security. The content reads like a job description rather than actionable instructions, wasting significant token budget on taxonomy rather than novel guidance. | 1 / 3 |
| Actionability | Despite being about secure coding, the skill contains zero executable code examples, no concrete commands, no specific configurations, and no copy-paste ready snippets. Everything is described at an abstract level (e.g., 'Parameterized queries: Prepared statements, ORM security configuration') without showing how to actually implement anything. | 1 / 3 |
| Workflow Clarity | The 'Response Approach' section lists 9 high-level steps but lacks any validation checkpoints, feedback loops, or concrete sequencing. For a skill involving security implementations (which are inherently risky/destructive if done wrong), there are no verification steps, no testing commands, and no error recovery guidance. | 1 / 3 |
| Progressive Disclosure | There is one reference to 'resources/implementation-playbook.md' for detailed examples, which is a good signal for progressive disclosure. However, no bundle files exist to support this reference, and the massive inline content (capabilities lists, knowledge base, etc.) should have been split into reference files rather than inlined in the SKILL.md. | 2 / 3 |
| Total | | 5 / 12 Passed |
Validation: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |