CtrlK
BlogDocsLog inGet started
Tessl Logo

springboot-security

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable reference with executable BAD/GOOD examples across every security domain, but it is monolithic — all detail sits inline in SKILL.md with no progressive disclosure to deeper reference files, and workflows lack explicit validation feedback loops.

Suggestions

Move the longer worked examples (e.g. JwtAuthFilter, RateLimitFilter) into reference files under references/ and link to them from concise overviews in SKILL.md to improve progressive disclosure.

Add explicit validate→fix→retry checkpoints to any section touching destructive or batch operations (e.g. dependency scanning, secrets rotation).

Trim full class boilerplate in code blocks to the minimal snippet that conveys the pattern, reducing token cost without losing actionability.

DimensionReasoningScore

Conciseness

Mostly efficient bullet-plus-code structure with no concept overexplaining, but several examples carry full class boilerplate (e.g. the complete JwtAuthFilter) that could be trimmed to the teaching point.

2 / 3

Actionability

Every section ships executable Java/YAML with concrete annotations, bean configs, and BAD/GOOD contrasts — copy-paste ready across authentication, validation, SQL, CORS, and rate limiting.

3 / 3

Workflow Clarity

Content is organized by topic and closes with a release checklist, but there is no explicitly sequenced multi-step workflow with validate→fix→retry checkpoints for the operations described.

2 / 3

Progressive Disclosure

Single ~270-line file with all detailed code inline and no bundle files; the per-domain examples could be split into reference files rather than living entirely in SKILL.md.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A specific, well-scoped description that clearly names its security domains, but it omits an explicit 'Use when…' trigger clause, leaving the activation condition implicit.

Suggestions

Add a 'Use when…' clause to the description, e.g. 'Use when adding authentication, validating input, or handling secrets in Spring Boot services.' to satisfy the 'when' half of completeness.

Consider including a few more user-natural synonyms (e.g. 'login', 'permissions', 'CORS') alongside the technical terms to broaden trigger coverage.

DimensionReasoningScore

Specificity

Lists multiple concrete security domains — 'authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security' — each a specific action area rather than vague language.

3 / 3

Completeness

Clearly answers 'what' via the enumerated domains but lacks any 'Use when…' trigger clause in the description itself; per guidelines a missing explicit trigger caps completeness at 2.

2 / 3

Trigger Term Quality

Contains natural terms users would say ('Spring Security', 'CSRF', 'secrets', 'rate limiting', 'Java Spring Boot'), giving good coverage of the domain's vocabulary.

3 / 3

Distinctiveness Conflict Risk

Scoped to 'Java Spring Boot services' security — a clear niche unlikely to overlap with other skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_version

'metadata.version' is missing

Warning

Total

15

/

16

Passed

Repository
ysyecust/everything-claude-code
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.