Security checklist: OWASP top 10, secret scanning, input validation, and auth patterns
Score: 67
Does it follow best practices? 48%
Impact: 99%
Average score across 3 eval scenarios: 1.02x
Status: Passed. No known issues.

Optimize this skill with Tessl:
npx tessl skill review --optimize ./skills/security-general/SKILL.md

Eval scenario: Injection vulnerability fixes in a Node.js API
| Check | Score 1 | Score 2 |
|---|---|---|
| Parameterized SQL: search | 100% | 100% |
| Parameterized SQL: ID lookup | 100% | 100% |
| No command injection | 100% | 100% |
| Path traversal prevention | 100% | 100% |
| No hardcoded password | 100% | 100% |
| No stack traces to client | 100% | 100% |
| Generic error messages | 100% | 100% |
| Input size / type validation | 100% | 100% |
| Security report produced | 100% | 100% |
Eval scenario: JWT auth with correct claim validation and rate limiting

| Check | Score 1 | Score 2 |
|---|---|---|
| JWT signature validation | 100% | 100% |
| JWT exp claim checked | 100% | 100% |
| JWT iss or aud claim checked | 0% | 100% |
| Short-lived access token | 100% | 100% |
| Refresh token present | 100% | 100% |
| Deny by default | 100% | 100% |
| No custom crypto | 100% | 100% |
| Rate limiting on login | 100% | 100% |
| Secrets from env vars | 100% | 90% |
| No internal details exposed | 100% | 100% |
Eval scenario: XSS, security headers, error handling, and dependency hygiene

| Check | Score 1 | Score 2 |
|---|---|---|
| XSS: no unsafe filter | 100% | 100% |
| Framework escaping used | 100% | 100% |
| Content-Security-Policy header | 100% | 100% |
| X-Content-Type-Options header | 100% | 100% |
| X-Frame-Options header | 100% | 100% |
| No stack traces to client | 100% | 100% |
| Generic error messages | 100% | 100% |
| Unused deps removed | 100% | 100% |
| Input size validation | 100% | 100% |
| Hardening report produced | 100% | 100% |