
guydemo/authguard

Authorization and access control security guidance based on Project CodeGuard — covers RBAC/ABAC/ReBAC, IDOR prevention, mass assignment, and transaction authorization

87 · 1.45x

Quality: 82% (Does it follow best practices?)

Impact: 93% (1.45x, average score across 6 eval scenarios)

Security by Snyk: Passed, no known issues


Quality

Discovery

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid skill description with explicit trigger guidance and good keyword coverage for authorization-related tasks. The main weakness is that the capabilities could be more specific about concrete actions (e.g., 'design role hierarchies', 'implement permission middleware', 'audit access policies') rather than generic verbs like 'implementing' and 'modifying'.

Suggestions

Replace generic verbs with specific actions like 'design role hierarchies, implement permission middleware, audit access policies, configure policy engines'

Dimension | Reasoning | Score

Specificity

Names the domain (authorization/access control) and mentions specific concepts (RBAC/ABAC/ReBAC, permission checks), but doesn't list concrete actions like 'implement role hierarchies' or 'audit permission matrices'. The phrase 'implementing, reviewing, or modifying' is somewhat generic.

2 / 3

Completeness

Clearly answers both what ('security skill focused on authorization and access control') and when ('Use this skill when implementing, reviewing, or modifying authorization logic, access control, RBAC/ABAC/ReBAC, or permission checks'). Has explicit 'Use this skill when...' clause.

3 / 3

Trigger Term Quality

Includes good coverage of natural terms users would say: 'authorization', 'access control', 'RBAC', 'ABAC', 'ReBAC', 'permission checks'. These are terms developers naturally use when working on security features.

3 / 3

Distinctiveness Conflict Risk

Clear niche focused specifically on authorization/access control with distinct triggers (RBAC/ABAC/ReBAC). Unlikely to conflict with general security skills or other code skills due to specific focus on permission systems.

3 / 3

Total: 11 / 12

Passed

Implementation

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured security skill that efficiently communicates authorization principles and anti-patterns without unnecessary verbosity. Its main weaknesses are the lack of executable code examples (pseudocode-level guidance instead of copy-paste ready implementations) and missing references to supporting materials like authorization matrix templates or framework-specific implementation files.

Suggestions

Add executable code examples for key patterns (e.g., complete middleware implementation for centralized authorization, ABAC policy evaluation snippet)

Include a concrete authorization matrix YAML/JSON example that tests can iterate over, rather than just describing the approach

Consider splitting framework-specific pitfalls (Pydantic, Django, Rails) into a separate FRAMEWORKS.md reference file with detailed examples for each
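The two suggestions above (a centralized authorization check, and an authorization matrix that tests iterate over) are easiest to understand side by side. The following is an added example written for this page; it is not code from the authguard skill or from Project CodeGuard. The matrix contents, the `User`/`Project` types, the in-memory `PROJECTS` store and the handler names are all constructed for illustration. It also shows the scoped-lookup pattern the reasoning below refers to (`currentUser.projects.find(id)`) next to the unscoped lookup that causes IDOR.

```python
import json
from dataclasses import dataclass

# Constructed authorization matrix: the JSON/YAML artifact the review asks for.
# role -> action -> rule. "any": allowed on every resource; "own": allowed only
# on resources the caller owns; an absent action means denied (deny by default).
AUTHZ_MATRIX = json.loads("""
{
  "admin":  {"project:read": "any", "project:update": "any", "project:delete": "any"},
  "member": {"project:read": "own", "project:update": "own"},
  "viewer": {"project:read": "own"}
}
""")
ACTIONS = ("project:read", "project:update", "project:delete")


@dataclass(frozen=True)
class User:
    id: int
    role: str


@dataclass(frozen=True)
class Project:
    id: int
    owner_id: int
    name: str


class Forbidden(Exception):
    pass


def authorize(user: User, action: str, project: Project) -> bool:
    """Single choke point every handler calls. Unknown role or action denies."""
    rule = AUTHZ_MATRIX.get(user.role, {}).get(action)
    if rule == "any":
        return True
    if rule == "own":
        return project.owner_id == user.id
    return False


# Constructed data store keyed by id, the way an ORM exposes it.
PROJECTS = {
    1: Project(1, owner_id=10, name="alpha"),
    2: Project(2, owner_id=20, name="beta"),
}


def find_project_unscoped(project_id: int):
    """IDOR-prone: returns whatever id the client supplied."""
    return PROJECTS.get(project_id)


def find_project_for(user: User, project_id: int):
    """Scoped lookup (the currentUser.projects.find(id) pattern): a project the
    caller may not read is indistinguishable from one that does not exist."""
    project = PROJECTS.get(project_id)
    if project is None or not authorize(user, "project:read", project):
        return None
    return project


def rename_project(user: User, project_id: int, new_name: str) -> Project:
    """Handler: scoped lookup first, then the action-specific check."""
    project = find_project_for(user, project_id)
    if project is None:
        raise Forbidden("not found")
    if not authorize(user, "project:update", project):
        raise Forbidden("update denied")
    updated = Project(project.id, project.owner_id, new_name)
    PROJECTS[project.id] = updated
    return updated


def expected_decision(role: str, action: str, owns: bool) -> bool:
    """The spec's answer for one matrix cell."""
    rule = AUTHZ_MATRIX.get(role, {}).get(action)
    return rule == "any" or (rule == "own" and owns)


def run_matrix_tests() -> list:
    """Iterate every role x action x ownership cell and compare the matrix's
    expected decision with what the code paths actually do. Returns failures."""
    failures = []
    for role in AUTHZ_MATRIX:
        user = User(id=10, role=role)  # owns project 1, not project 2
        for owns, project in ((True, PROJECTS[1]), (False, PROJECTS[2])):
            for action in ACTIONS:
                expected = expected_decision(role, action, owns)
                if action == "project:read":
                    actual = find_project_for(user, project.id) is not None
                elif action == "project:update":
                    try:
                        rename_project(user, project.id, project.name)
                        actual = True
                    except Forbidden:
                        actual = False
                else:
                    actual = authorize(user, action, project)
                if actual != expected:
                    failures.append((role, action, owns, expected, actual))
    return failures


def idor_demo() -> tuple:
    """Member 10 requests project 2 (owned by 20): unscoped lookup leaks it,
    scoped lookup does not. Returns (unscoped_found, scoped_found)."""
    member = User(id=10, role="member")
    return (find_project_unscoped(2) is not None,
            find_project_for(member, 2) is not None)
```

`run_matrix_tests()` returns an empty list when every handler agrees with the matrix; a non-empty list is the feedback loop the Workflow Clarity reasoning below asks for, since each tuple names the exact cell (role, action, ownership) where the implementation and the spec disagree. In a real service `Forbidden("not found")` would map to a 404 so that an unauthorized caller cannot probe which ids exist.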

Dimension | Reasoning | Score

Conciseness

The content is lean and efficient, assuming Claude's competence with security concepts. No unnecessary explanations of what authorization is or how frameworks work—every section delivers actionable guidance without padding.

3 / 3

Actionability

Provides concrete guidance with specific examples like `currentUser.projects.find(id)` and mentions framework-specific pitfalls, but lacks fully executable code blocks. Most guidance is descriptive rather than copy-paste ready.

2 / 3

Workflow Clarity

The Transaction Authorization section has clear sequential steps with validation, but other sections lack explicit workflows. Testing section mentions matrix-driven testing but doesn't show the validation/feedback loop for when tests fail.

2 / 3

Progressive Disclosure

Content is well-organized with clear section headers, but it's a monolithic document with no references to external files for detailed examples, authorization matrix templates, or framework-specific implementation guides that would benefit from separation.

2 / 3

Total: 9 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 passed

Validation for skill structure

No warnings or errors.
