
auth-implementation-patterns

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

84

1.19x
Quality

Does it follow best practices?

Impact

100%

1.19x

Average score across 3 eval scenarios

Security by Snyk

Passed

No known issues

Quality

Content

57%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

Highly actionable code examples are undercut by a verbose, monolithic body that re-teaches known concepts and lists phantom bundle files that do not exist. Tightening the prose and either creating or removing the missing references would materially raise the score.

Suggestions

Move the conceptual 'Core Concepts' explanations and lengthy code dumps into reference files, keeping SKILL.md a lean overview with one-level-deep, verified links.

Remove the 'Resources' section entries (references/jwt-best-practices.md, oauth2-flows.md, session-security.md, assets/auth-security-checklist.md, password-policy-template.md, scripts/token-validator.ts) or create those files, since none currently exist in the bundle.

Add explicit validation/verification checkpoints (e.g., verify tokens server-side, confirm RBAC enforcement with a test) to turn the security patterns into sequenced workflows with feedback loops.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The ~640-line body restates concepts Claude already knows ('Authentication vs Authorization: Who are you?', session-vs-token explanations) and opens with filler, so while largely useful it is padded and could be tightened; not the verbose floor but well above lean. | 2 / 3 |
| Actionability | Provides extensive fully executable, copy-paste-ready TypeScript — JWT sign/verify, refresh-token flow, OAuth2 with Passport, RBAC/permission middleware, bcrypt hashing, rate limiting — with specific imports and concrete examples. | 3 / 3 |
| Workflow Clarity | Content is organized as numbered patterns rather than sequenced multi-step workflows, and security-sensitive operations lack explicit validate/verify checkpoints or feedback loops, capping clarity at 2 per the rubric. | 2 / 3 |
| Progressive Disclosure | The body is a monolithic wall of inline content, and the 'Resources' section references six bundle files (references/*.md, assets/*.md, scripts/token-validator.ts) none of which exist in the bundle, yielding broken references with poor organization. | 1 / 3 |
| Total | | 8 / 12 |

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, well-formed description: it states concrete capabilities, includes an explicit 'Use when' trigger clause, and occupies a distinct niche. It uses third-person voice throughout, incurring no penalty.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete capabilities — 'JWT, OAuth2, session management, and RBAC' plus 'build secure, scalable access control systems' — matching the anchor for several specific concrete actions. | 3 / 3 |
| Completeness | Explicitly answers both what ('Master authentication and authorization patterns...') and when (an explicit 'Use when...' clause), matching the top anchor exactly. | 3 / 3 |
| Trigger Term Quality | 'Use when implementing auth systems, securing APIs, or debugging security issues' gives good coverage of natural phrasings users would actually say, rather than technical jargon. | 3 / 3 |
| Distinctiveness Conflict Risk | Authentication/authorization is a clear niche with distinct triggers, unlikely to fire for an unrelated skill. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (648 lines); consider splitting into references/ and linking | Warning |
| referenced_paths_exist | Referenced path issues: 6 missing | Warning |
| Total | | 14 / 16 |

Passed

Repository: Dicklesworthstone/pi_agent_rust (Reviewed)
