cc-skill-security-review

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist a...

Install with Tessl CLI

npx tessl i github:sickn33/antigravity-awesome-skills --skill cc-skill-security-review

What are skills?

1.25x

Review — 79%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Evaluation — 98%

↑ 1.25x

Agent success when using this skill

Validation — 9 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

100%

26%

User Registration API Module

Input validation, SQL injection prevention, error handling

Criteria

Without context

With context

No hardcoded secrets

100%

Env var for DB connection

100%

Env var existence check

100%

Zod schema used

100%

Email validation

100%

String length limits

100%

No SQL concatenation

100%

Parameterized SQL

100%

Generic error message

100%

No stack trace exposed

100%

Without context: $0.4139 · 1m 49s · 18 turns · 67 in / 6,410 out tokens

With context: $0.7116 · 2m 17s · 29 turns · 289 in / 7,689 out tokens

100%

20%

Secure Authentication Middleware for Admin Dashboard

JWT cookie auth, CSRF protection, rate limiting

Criteria

Without context

With context

httpOnly cookie for token

100%

No localStorage token storage

100%

SameSite=Strict on cookie

100%

Secure flag on cookie

100%

CSRF token verified

100%

403 for CSRF failure

100%

Rate limiting applied

100%

Auth check before operation

100%

Role check present

100%

401/403 status codes

100%

Without context: $0.2854 · 1m 23s · 11 turns · 12 in / 4,851 out tokens

With context: $0.6982 · 2m 30s · 25 turns · 285 in / 8,844 out tokens

94%

12%

User Profile Content and Avatar Upload Module

HTML sanitization, file upload validation, safe logging

Criteria

Without context

With context

DOMPurify package used

33%

100%

ALLOWED_TAGS specified

100%

ALLOWED_ATTR empty or restricted

100%

File size check

100%

File type whitelist

100%

File extension check

100%

No password in logs

100%

50%

Sensitive fields redacted

100%

No full credentials logged

100%

Without context: $0.5484 · 2m 14s · 24 turns · 73 in / 7,289 out tokens

With context: $0.6736 · 2m 24s · 25 turns · 333 in / 8,696 out tokens

Evaluated: 6 days ago
Agent: Claude Code
Model: Unknown

Table of Contents

User Registration API Module Secure Authentication Middleware for Admin Dashboard User Profile Content and Avatar Upload Module

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.