This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate ...
Install with Tessl CLI
npx tessl i github:sickn33/antigravity-awesome-skills --skill broken-authentication90
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Agent success when using this skill
Validation for skill structure
Discovery (100%)
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines when to use it with explicit trigger phrases and specific security testing actions. The 'Use when' pattern is well-implemented with natural terminology that security professionals would use. The description effectively carves out a distinct niche around authentication and session security testing.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description lists multiple specific, concrete actions: 'test for broken authentication vulnerabilities', 'assess session management security', 'perform credential stuffing tests', 'evaluate'. These are concrete, actionable security testing activities. | 3 / 3 |
| Completeness | The description explicitly starts with 'This skill should be used when', which directly answers the 'when' question, and the specific test types answer the 'what' question. It provides clear explicit triggers for skill selection. | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'broken authentication', 'session management security', 'credential stuffing tests'. These are terms security professionals and developers would naturally use when requesting these assessments. | 3 / 3 |
| Distinctiveness / Conflict Risk | The focus on authentication-specific security testing (broken authentication, session management, credential stuffing) creates a clear niche distinct from general security testing, code review, or other vulnerability assessment skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation (77%)
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive and highly actionable security testing skill with excellent workflow clarity and concrete examples. The main weaknesses are verbosity (includes some explanatory content Claude doesn't need) and the monolithic structure that could benefit from progressive disclosure through linked reference files. The skill excels at providing executable commands and clear validation checkpoints for each testing phase.
Suggestions
Remove or condense the Prerequisites section - Claude already understands HTTP, authentication types, and cookie handling
Move the Quick Reference tables (vulnerability types, credential payloads, cookie flags, bypass headers) to a separate REFERENCE.md file and link to it
Remove the list of common passwords and default credentials - these are well-known and add token overhead without value
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive but includes some unnecessary explanations (e.g., explaining what authentication types are, listing common passwords Claude already knows). The prerequisites section explaining 'HTTP protocol and session mechanisms' and 'Authentication types' assumes Claude needs this context. | 2 / 3 |
| Actionability | Provides concrete, executable commands (Hydra syntax, Burp Intruder steps), specific HTTP request examples, and copy-paste-ready Python code for session analysis. The examples are detailed, with actual payloads and expected outcomes. | 3 / 3 |
| Workflow Clarity | Clear 10-phase workflow with explicit sequencing. Each phase has numbered steps and validation checkpoints (e.g., 'VULNERABLE if SESSIONID remains abc123', 'SECURE if new session assigned'), and the troubleshooting table provides error recovery guidance. | 3 / 3 |
| Progressive Disclosure | Content is well-structured with clear sections and quick reference tables, but it is a monolithic document (~400 lines) that could benefit from splitting detailed examples and reference tables into separate files. No external file references are provided for advanced topics. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation (90%)
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |