g14wxz/ssr-auth-session-management
Configures server-side session synchronization via secure HTTP-only cookies for SSR frameworks.
94
94%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly communicates its specific purpose (server-side auth session management with HTTP-only cookies for SSR frameworks), its dependencies (PKCE auth flow), and when to use it via an explicit 'Use when' clause with multiple natural trigger terms. It uses proper third-person voice and is concise without being vague.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'server-side auth session management', 'HTTP-only cookie synchronization', names specific frameworks (Next.js, SvelteKit), and notes dependency on PKCE auth flow. | 3 / 3 |
Completeness | Clearly answers both 'what' (implements server-side auth session management with HTTP-only cookie synchronization for SSR frameworks) and 'when' (explicit 'Use when' clause listing five specific trigger scenarios). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'SSR authentication', 'server-side session sync', 'HTTP-only auth cookies', 'Next.js Supabase auth', 'SvelteKit Supabase auth' — these are all terms developers would naturally use when seeking this functionality. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive — the combination of server-side auth, HTTP-only cookies, SSR frameworks, Supabase, and PKCE dependency creates a very clear niche that is unlikely to conflict with other skills like general auth or client-side auth skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
85%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, well-structured skill that provides clear, executable guidance for implementing SSR auth session management. The phased workflow with explicit HALT conditions and a verification checklist makes it highly reliable. Minor verbosity in explanatory comments (e.g., why getUser over getSession) slightly reduces token efficiency but adds safety-critical context that is arguably justified.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Generally efficient with good use of code examples, but includes some unnecessary explanation (e.g., explaining why not to use getSession(), explaining cookie chunking concepts). A few comments could be trimmed, though most content earns its place. | 2 / 3 |
Actionability | Provides fully executable, copy-paste ready code examples for each phase including the shared cookie options, server client creation, middleware, token rotation handling, and route protection. Specific version requirements and concrete commands are given. | 3 / 3 |
Workflow Clarity | Six clearly sequenced phases with explicit validation checkpoints (Phase 6 verification report), HALT conditions on failures (version check, rotation failure, auth failure), and clear error recovery paths (clear cookies and redirect on rotation failure). Feedback loops are present for destructive operations. | 3 / 3 |
Progressive Disclosure | Well-structured with clear pre-conditions referencing dependent skills, a shared constant defined once and referenced throughout, and a one-level-deep reference to the SvelteKit-specific implementation file. Content is appropriately split between the main skill and framework-specific files. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
Reviewed
Table of Contents