CtrlK
BlogDocsLog inGet started
Tessl Logo

guydemo/authguard

Authorization and access control security guidance based on Project CodeGuard — covers RBAC/ABAC/ReBAC, IDOR prevention, mass assignment, and transaction authorization

87

1.45x
Quality

82%

Does it follow best practices?

Impact

93%

1.45x

Average score across 6 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured security skill that efficiently communicates authorization principles and anti-patterns without unnecessary verbosity. Its main weaknesses are the lack of executable code examples (pseudocode-level guidance instead of copy-paste ready implementations) and missing references to supporting materials like authorization matrix templates or framework-specific implementation files.

Suggestions

Add executable code examples for key patterns (e.g., complete middleware implementation for centralized authorization, ABAC policy evaluation snippet)

Include a concrete authorization matrix YAML/JSON example that tests can iterate over, rather than just describing the approach

Consider splitting framework-specific pitfalls (Pydantic, Django, Rails) into a separate FRAMEWORKS.md reference file with detailed examples for each

DimensionReasoningScore

Conciseness

The content is lean and efficient, assuming Claude's competence with security concepts. No unnecessary explanations of what authorization is or how frameworks work—every section delivers actionable guidance without padding.

3 / 3

Actionability

Provides concrete guidance with specific examples like `currentUser.projects.find(id)` and mentions framework-specific pitfalls, but lacks fully executable code blocks. Most guidance is descriptive rather than copy-paste ready.

2 / 3

Workflow Clarity

The Transaction Authorization section has clear sequential steps with validation, but other sections lack explicit workflows. Testing section mentions matrix-driven testing but doesn't show the validation/feedback loop for when tests fail.

2 / 3

Progressive Disclosure

Content is well-organized with clear section headers, but it's a monolithic document with no references to external files for detailed examples, authorization matrix templates, or framework-specific implementation guides that would benefit from separation.

2 / 3

Total

9

/

12

Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid skill description with explicit trigger guidance and good keyword coverage for authorization-related tasks. The main weakness is that the capabilities could be more specific about concrete actions (e.g., 'design role hierarchies', 'implement permission middleware', 'audit access policies') rather than generic verbs like 'implementing' and 'modifying'.

Suggestions

Replace generic verbs with specific actions like 'design role hierarchies, implement permission middleware, audit access policies, configure policy engines'

DimensionReasoningScore

Specificity

Names the domain (authorization/access control) and mentions specific concepts (RBAC/ABAC/ReBAC, permission checks), but doesn't list concrete actions like 'implement role hierarchies' or 'audit permission matrices'. The phrase 'implementing, reviewing, or modifying' is somewhat generic.

2 / 3

Completeness

Clearly answers both what ('security skill focused on authorization and access control') and when ('Use this skill when implementing, reviewing, or modifying authorization logic, access control, RBAC/ABAC/ReBAC, or permission checks'). Has explicit 'Use this skill when...' clause.

3 / 3

Trigger Term Quality

Includes good coverage of natural terms users would say: 'authorization', 'access control', 'RBAC', 'ABAC', 'ReBAC', 'permission checks'. These are terms developers naturally use when working on security features.

3 / 3

Distinctiveness Conflict Risk

Clear niche focused specifically on authorization/access control with distinct triggers (RBAC/ABAC/ReBAC). Unlikely to conflict with general security skills or other code skills due to specific focus on permission systems.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation11 / 11 Passed

Validation for skill structure

No warnings or errors.

Reviewed

Table of Contents

DiscoveryImplementationValidation