Name: tessl-labs/django-security-basics
Rating: 92.4 (1 reviews)
Author: tessl-labs

Blog Docs Log in Get started

tessl-labs/django-security-basics

Security essentials for Django — CSRF, CORS, security middleware, ALLOWED_HOSTS,

2.91x

Quality

99%

Does it follow best practices?

Impact

99%

2.91x

Average score across 2 eval scenarios

Securityby

Passed

No known issues

Quality

Content

100%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is an excellent security skill that efficiently covers Django production security essentials. It provides concrete, executable code for every configuration, includes a comprehensive checklist for validation, and respects token budget by assuming Claude's familiarity with Django concepts while focusing on what actually needs to be configured.

Dimension	Reasoning	Score
Conciseness	The content is lean and efficient, assuming Claude knows Django basics. No unnecessary explanations of what CSRF or XSS are—just what to configure and why it matters for production.	3 / 3
Actionability	Every section provides copy-paste ready code snippets with concrete settings, environment variable patterns, and specific commands like `python manage.py check --deploy`. The JavaScript CSRF example is executable.	3 / 3
Workflow Clarity	Clear numbered sections with a logical progression from critical settings to verification. The checklist provides explicit validation steps, and the `check --deploy` command serves as a built-in verification checkpoint before deployment.	3 / 3
Progressive Disclosure	Well-organized with clear sections, a summary checklist, and a reference to an external verifier. Content is appropriately scoped for a single SKILL.md without needing deep nesting or excessive external references.	3 / 3
	Total	12 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description that excels across all dimensions. It provides specific security topics, uses natural trigger terms that users would actually search for, explicitly states both capabilities and usage scenarios, and carves out a distinct niche for Django security specifically. The description is concise yet comprehensive.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete security topics: CSRF, CORS, security middleware, ALLOWED_HOSTS, secrets management, and common misconfigurations. These are concrete, actionable areas rather than vague abstractions.	3 / 3
Completeness	Clearly answers both what (security essentials covering CSRF, CORS, middleware, etc.) and when ('Use when building or reviewing Django apps before production deployment, or when a security audit flags issues'). Explicit trigger guidance is provided.	3 / 3
Trigger Term Quality	Includes natural keywords users would say: 'Django', 'CSRF', 'CORS', 'security', 'ALLOWED_HOSTS', 'secrets management', 'production deployment', 'security audit'. These cover both technical terms and common user scenarios.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with clear niche: Django-specific security. The combination of 'Django' + 'security' + specific security concepts (CSRF, CORS, ALLOWED_HOSTS) creates a unique trigger profile unlikely to conflict with general security or general Django skills.	3 / 3
	Total	12 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Reviewed

3 months ago

Table of Contents

Discovery Implementation Validation