springboot-security

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

Install with Tessl CLI

npx tessl i github:ysyecust/everything-claude-code --skill springboot-security

What are skills?

Quality

67%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/springboot-security/SKILL.md

SKILL.md

Review

Evals

Evaluation results

100%

10%

Secure REST API for Mobile Banking Backend

JWT authentication and security configuration

Criteria

Without context

With context

OncePerRequestFilter

100%

Bearer extraction

100%

Stateless session

100%

CSRF disabled

100%

Content Security Policy

100%

Additional security headers

100%

CORS via bean

100%

No wildcard CORS origin

100%

Externalized secrets

100%

Deny by default

100%

Without context: $0.3917 · 20m 33s · 14 turns · 105 in / 7,216 out tokens

With context: $0.4562 · 36m 10s · 19 turns · 381 in / 5,998 out tokens

100%

10%

HR Employee Account Management Service

Input validation, password encoding, and method security

Criteria

Without context

With context

@Valid on controller

100%

@NotBlank constraint

100%

@Email constraint

100%

Size or range constraint

100%

Password hashed

100%

PasswordEncoder bean

100%

BCrypt cost factor 12

100%

@EnableMethodSecurity

100%

@PreAuthorize on admin endpoints

100%

Parameterized queries

100%

Without context: $0.4213 · 43m 10s · 14 turns · 105 in / 7,786 out tokens

With context: $0.8864 · 54m 25s · 29 turns · 510 in / 11,098 out tokens

100%

20%

API Abuse Prevention and Audit Logging for Patient Portal

Rate limiting and secure audit logging

Criteria

Without context

With context

Bucket4j dependency

100%

OncePerRequestFilter

100%

HTTP 429 on limit exceeded

100%

Retry hint in response

100%

Burst logging

100%

Per-client bucketing

100%

No credentials in logs

100%

Sensitive fields redacted

100%

Structured log format

100%

IMPLEMENTATION_NOTES content

100%

Without context: $0.8084 · 48m 9s · 16 turns · 129 in / 13,755 out tokens

With context: $0.9623 · 53m · 24 turns · 170 in / 13,935 out tokens

Evaluated: 5 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Secure REST API for Mobile Banking Backend HR Employee Account Management Service API Abuse Prevention and Audit Logging for Patient Portal

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.