auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
79
Quality
78%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agent/skills/auth-implementation-patterns/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope around authentication and authorization patterns with specific technologies (JWT, OAuth2, RBAC). It includes an explicit 'Use when...' clause with natural trigger terms and is distinctive enough to avoid conflicts with other security or coding skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and patterns: 'JWT, OAuth2, session management, and RBAC' along with clear outcomes 'build secure, scalable access control systems'. Also mentions specific use cases like 'implementing auth systems, securing APIs, debugging security issues'. | 3 / 3 |
Completeness | Clearly answers both what ('Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems') AND when ('Use when implementing auth systems, securing APIs, or debugging security issues') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'authentication', 'authorization', 'JWT', 'OAuth2', 'session management', 'RBAC', 'auth systems', 'APIs', 'security issues'. These cover common variations and technical terms users naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on authentication/authorization patterns with distinct triggers like 'JWT', 'OAuth2', 'RBAC', 'auth systems'. Unlikely to conflict with general coding or security skills due to specific auth-focused terminology. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill is well-structured and concise, with good progressive disclosure to detailed resources. However, it critically lacks actionable, concrete guidance—no code examples, specific commands, or executable patterns are provided in the main skill file. For a security-focused skill, the absence of validation checkpoints and concrete implementation examples significantly limits its utility.
Suggestions
Add at least one concrete, executable code example for a common auth pattern (e.g., JWT validation middleware or session setup)
Include specific validation steps in the workflow, such as 'Verify token expiration handling with: [test command]' or security checklist items
Replace abstract instructions like 'Choose auth strategy' with decision criteria or a quick reference table showing when to use each approach
Add a minimal working example inline (e.g., Express.js JWT middleware or OAuth2 callback handler) rather than deferring all implementation details to the playbook
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of concepts Claude already knows. Each section serves a clear purpose without padding or verbose descriptions. | 3 / 3 |
Actionability | The skill provides only vague, abstract guidance with no concrete code examples, specific commands, or executable patterns. Instructions like 'Choose auth strategy' and 'Design authorization model' describe rather than instruct. | 1 / 3 |
Workflow Clarity | Steps are listed in a logical sequence but lack validation checkpoints, feedback loops, or specific verification steps. For security-critical operations like auth implementation, missing validation guidance is a significant gap. | 2 / 3 |
Progressive Disclosure | Clear structure with well-signaled one-level-deep references to implementation-playbook.md. The overview is appropriately concise with navigation to detailed resources. | 3 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- Dokhacgiakhoa/antigravity-ide
- Commit
3395991
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.