g14wxz/custom-access-token-hook

Injects tenant ID and RBAC permissions into JWT via Postgres Auth Hooks during token issuance.

Quality: 97% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that is highly specific, includes a comprehensive set of natural trigger terms, explicitly states both what the skill does and when to use it, and occupies a clearly distinct niche. It follows the third-person voice convention and avoids vague language or unnecessary fluff.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: generates a Postgres Auth Hook, injects tenant_id and serialized permissions into JWT app_metadata, uses jsonb_set. These are precise, technical, and actionable. | 3 / 3 |
| Completeness | Clearly answers both 'what' (generates Postgres Auth Hook that injects tenant_id and permissions into JWT app_metadata using jsonb_set) and 'when' (explicit 'Use when' clause covering RBAC, multi-tenant JWT claims, custom access token hooks, permission injection into Supabase auth tokens). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms a user would use: 'RBAC', 'multi-tenant', 'JWT claims', 'custom access token hooks', 'permission injection', 'Supabase auth tokens', 'Postgres Auth Hook', 'tenant_id', 'app_metadata'. These are terms developers would naturally use when seeking this functionality. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a very specific niche: Postgres Auth Hooks for Supabase with tenant_id/permissions injection via jsonb_set. The combination of Supabase, Postgres hooks, JWT app_metadata, and RBAC makes this unlikely to conflict with other skills. | 3 / 3 |

Total: 12 / 12 (Passed)

Implementation

92%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a high-quality skill that provides clear, actionable, and well-sequenced guidance for implementing a Supabase auth hook. Its strengths are the complete executable SQL, explicit halt conditions for error cases, and a thorough verification checklist. The only minor weakness is that all content is inline, though the skill's focused scope makes this acceptable.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Every section earns its place. No unnecessary explanations of what Postgres functions are, what JWTs are, or how Supabase works. The content assumes Claude knows these concepts and focuses purely on the specific implementation details. | 3 / 3 |
| Actionability | Provides complete, executable SQL for the hook function, the registration command, grant/revoke statements, and an example RLS policy. The code is copy-paste ready with clear adaptation instructions for schema differences. | 3 / 3 |
| Workflow Clarity | Four clearly sequenced phases with explicit HALT conditions (Phase 1 if no role table, Phase 4 if recursive JOINs in RLS). The verification checklist at the end serves as a comprehensive validation checkpoint. Feedback loops are present via the halt-and-fix pattern. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear phases and a verification checklist, but everything is inline in a single file. The RLS policy examples and permission schema discovery guidance could be split into referenced files for complex scenarios, though for this skill's scope the inline approach is reasonable. | 2 / 3 |

Total: 11 / 12 (Passed)

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.
