
backend-security-coder

tessl i github:sickn33/antigravity-awesome-skills --skill backend-security-coder

Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.

Overall: 49%


Validation

81%
| Criteria | Description | Result |
| --- | --- | --- |
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| metadata_version | 'metadata.version' is missing | Warning |
| license_field | 'license' field is missing | Warning |

Total: 13 / 16 Passed

Implementation

20%

This skill reads like a comprehensive security knowledge base or job description rather than actionable guidance for Claude. It extensively lists security concepts and capabilities that Claude already understands, without providing the concrete code examples, specific implementation patterns, or executable commands that would make it useful. The content would benefit from dramatic reduction and replacement with actual code snippets and specific implementation guidance.

Suggestions

Replace the extensive capability lists with 3-5 concrete, executable code examples for the most common security tasks (e.g., parameterized query example, JWT validation snippet, CSP header configuration)

Remove the 'Capabilities' and 'Knowledge Base' sections entirely - Claude already knows these concepts; instead focus on project-specific patterns or non-obvious implementation details

Add validation checkpoints to the Response Approach (e.g., 'Verify input validation with test cases before proceeding')

Move detailed capability descriptions to separate reference files and keep SKILL.md as a concise quick-start guide

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Extremely verbose with extensive lists of concepts Claude already knows (OWASP Top 10, JWT, OAuth, etc.). The 'Capabilities' section reads like a textbook table of contents rather than actionable guidance. Most content describes what security concepts are rather than providing specific implementation details. | 1 / 3 |
| Actionability | No executable code examples, no specific commands, no concrete implementation patterns. Content is entirely descriptive ('Comprehensive input validation frameworks', 'Secure session handling') without showing how to actually implement anything. The 'Example Interactions' are prompts, not solutions. | 1 / 3 |
| Workflow Clarity | The 'Response Approach' section provides a numbered sequence of steps, but lacks validation checkpoints, feedback loops, or concrete verification steps. For security-critical operations, missing validation steps is a significant gap. | 2 / 3 |
| Progressive Disclosure | References `resources/implementation-playbook.md` for detailed examples, which is good progressive disclosure. However, the main content is a monolithic wall of bullet points that could be better organized into separate reference files for each capability area. | 2 / 3 |

Total: 6 / 12 Passed

Activation

67%

This description has good structure with explicit 'Use when' guidance, making it complete. However, it relies on category names rather than concrete actions, and the trigger terms, while relevant, miss common user vocabulary variations. The backend security focus provides moderate distinctiveness but could still conflict with related skills.

Suggestions

Replace category names with specific actions: 'Implements JWT authentication, validates inputs against SQL injection and XSS, secures REST/GraphQL endpoints' instead of listing general areas.

Add common user trigger terms: 'auth', 'login security', 'SQL injection', 'XSS prevention', 'OWASP', 'secure endpoints', 'sanitize input'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (backend security) and lists some areas (input validation, authentication, API security), but these are categories rather than concrete actions like 'validates user input against injection attacks' or 'implements JWT token authentication'. | 2 / 3 |
| Completeness | Clearly answers both what (secure backend coding practices in input validation, authentication, API security) and when (backend security implementations or security code reviews) with explicit 'Use PROACTIVELY' trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes relevant terms like 'backend security', 'input validation', 'authentication', 'API security', and 'security code reviews', but misses common variations users might say like 'auth', 'login security', 'SQL injection', 'XSS', 'OWASP', or 'secure coding'. | 2 / 3 |
| Distinctiveness Conflict Risk | The focus on 'backend security' provides some distinction, but 'authentication' and 'API security' could overlap with general API skills or auth-specific skills. The scope is moderately specific but not uniquely carved out. | 2 / 3 |

Total: 9 / 12 Passed

Reviewed
