
tessl/github-python--cpython

CPython is the reference implementation of the Python programming language providing the core interpreter, runtime system, and comprehensive standard library.

Quality: Pending (Does it follow best practices?)

Impact: 96%, 1.06x (Average score across 10 eval scenarios)

Security by Snyk: Pending (The risk profile of this skill)

This tile was archived by the owner on Feb 5, 2026

Reason: Github package not supported


evals/scenario-10/criteria.json

{
  "context": "Evaluates how solutions rely on Python's standard security primitives for randomness, hashing, key derivation, and message authentication. Scoring checks for correct use of hashlib, hmac, and secrets APIs that align with the spec's deterministic outputs and integrity requirements.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Secure randomness",
      "description": "generate_session_token draws entropy with secrets.token_urlsafe or secrets.token_bytes (not random/uuid) honoring the requested byte count before encoding.",
      "max_score": 20
    },
    {
      "name": "Token encoding",
      "description": "Token output stays URL-safe (base64url or equivalent), keeps or exceeds the expected length for 24 bytes of entropy, and avoids manual padding/truncation that would reduce randomness.",
      "max_score": 10
    },
    {
      "name": "File digest",
      "description": "file_hex_digest builds a digest with hashlib.sha256 or hashlib.new('sha256'), reading file bytes (chunked or all at once) and returning the hexdigest from the hashlib object.",
      "max_score": 20
    },
    {
      "name": "Password KDF",
      "description": "derive_key_from_password uses hashlib.pbkdf2_hmac('sha256', password, salt, iterations, dklen=key_length) to reproduce the specified 32-byte output for the given salt and iteration count.",
      "max_score": 20
    },
    {
      "name": "Key check constant-time",
      "description": "verify_password_key recomputes the PBKDF2 output and compares it to expected_key with hmac.compare_digest or secrets.compare_digest instead of direct equality.",
      "max_score": 10
    },
    {
      "name": "HMAC signing",
      "description": "sign_message creates a MAC via hmac.new(key, message, hashlib.sha256) (or the algorithm argument mapped through hashlib) and returns the raw digest bytes.",
      "max_score": 10
    },
    {
      "name": "Signature verification",
      "description": "verify_message recomputes the HMAC with the same digestmod and validates it with hmac.compare_digest so tampered messages are rejected.",
      "max_score": 10
    }
  ]
}
