Security essentials for Django — CSRF, CORS, security middleware, ALLOWED_HOSTS,
99%
Does it follow best practices?
Impact
99%
2.91x Average score across 2 eval scenarios
Passed
No known issues
Quality
Discovery
100% Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific security topics, uses natural trigger terms that users would actually search for, explicitly states both capabilities and usage scenarios, and carves out a distinct niche for Django security specifically. The description is concise yet comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete security topics: CSRF, CORS, security middleware, ALLOWED_HOSTS, secrets management, and common misconfigurations. These are concrete, actionable areas rather than vague abstractions. | 3 / 3 |
| Completeness | Clearly answers both what (security essentials covering CSRF, CORS, middleware, etc.) and when ('Use when building or reviewing Django apps before production deployment, or when a security audit flags issues'). Explicit trigger guidance is provided. | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'Django', 'CSRF', 'CORS', 'security', 'ALLOWED_HOSTS', 'secrets management', 'production deployment', 'security audit'. These cover both technical terms and common user scenarios. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear niche: Django-specific security. The combination of 'Django' + 'security' + specific security concepts (CSRF, CORS, ALLOWED_HOSTS) creates a unique trigger profile unlikely to conflict with general security or general Django skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
100% Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is an excellent security skill that efficiently covers Django production security essentials. It provides concrete, executable code for every configuration, includes a comprehensive checklist for validation, and respects token budget by assuming Claude's familiarity with Django concepts while focusing on what actually needs to be configured.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient, assuming Claude knows Django basics. No unnecessary explanations of what CSRF or XSS are—just what to configure and why it matters for production. | 3 / 3 |
| Actionability | Every section provides copy-paste ready code snippets with concrete settings, environment variable patterns, and specific commands like `python manage.py check --deploy`. The JavaScript CSRF example is executable. | 3 / 3 |
| Workflow Clarity | Clear numbered sections with a logical progression from critical settings to verification. The checklist provides explicit validation steps, and the `check --deploy` command serves as a built-in verification checkpoint before deployment. | 3 / 3 |
| Progressive Disclosure | Well-organized with clear sections, a summary checklist, and a reference to an external verifier. Content is appropriately scoped for a single SKILL.md without needing deep nesting or excessive external references. | 3 / 3 |
| Total | 12 / 12 Passed | |
Validation
90% Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
Reviewed