
auth-implementation-patterns

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

58

Quality

67%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./.agent/skills/auth-implementation-patterns/SKILL.md

Quality

Content

35%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is essentially a table of contents with no substantive content of its own. It defers all concrete guidance to a referenced playbook that isn't provided in the bundle, leaving the SKILL.md without any executable examples, specific patterns, or actionable instructions. The security domain demands concrete, precise guidance (e.g., JWT signing examples, RBAC middleware patterns, token rotation code), but none is provided at any level.

Suggestions

Add at least 2-3 concrete, executable code examples directly in SKILL.md covering the most common patterns (e.g., JWT token creation/validation, middleware auth guard, password hashing).

Include validation checkpoints in the workflow, such as 'Verify token expiry is set', 'Test that unauthorized requests return 401/403', or 'Confirm secrets are not in logs'.

Resolve the inconsistent references — 'resources/implementation-playbook.md' vs './sub-skills/implementation-playbook.md' — and ensure the referenced file actually exists in the bundle.

Replace the abstract instruction steps ('Define users, tenants, flows...') with specific, actionable guidance that Claude can directly apply, such as concrete data models, middleware patterns, or configuration templates.

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is relatively brief but includes some unnecessary sections like 'Use this skill when' and 'Do not use this skill when' that add little value for Claude. The instructions section is lean but could be tighter. | 2 / 3 |
| Actionability | The instructions are entirely abstract and high-level ('Define users, tenants, flows...', 'Choose auth strategy...', 'Design authorization model...'). There are no concrete code examples, specific commands, executable snippets, or copy-paste ready patterns. All substantive content is deferred to a referenced file. | 1 / 3 |
| Workflow Clarity | The instructions list steps in a logical sequence (define requirements → choose strategy → design model → plan secrets → reference playbook), but there are no validation checkpoints, no error recovery steps, and no feedback loops for what are inherently security-critical operations. | 2 / 3 |
| Progressive Disclosure | References to 'resources/implementation-playbook.md' and 'sub-skills/implementation-playbook.md' are present, but no bundle files were provided to verify they exist. The SKILL.md itself is too thin — it's essentially just a pointer with almost no standalone value. Having two different paths to what appears to be the same resource is confusing. | 2 / 3 |
| Total | | 7 / 12 |

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly identifies its domain (authentication and authorization), lists specific technologies and patterns (JWT, OAuth2, session management, RBAC), and provides explicit trigger guidance. The only minor issue is the use of 'Master' as the opening verb which reads slightly like instructional language rather than a pure third-person capability description, but it still functions well for skill selection. Overall it closely matches the rubric's good examples.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and technologies: JWT, OAuth2, session management, RBAC, securing APIs, debugging security issues, and building access control systems. | 3 / 3 |
| Completeness | Clearly answers both 'what' (authentication/authorization patterns including JWT, OAuth2, session management, RBAC for secure access control) and 'when' (explicit 'Use when implementing auth systems, securing APIs, or debugging security issues'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms users would say: 'authentication', 'authorization', 'JWT', 'OAuth2', 'session management', 'RBAC', 'auth systems', 'securing APIs', 'security issues'. These cover common variations well. | 3 / 3 |
| Distinctiveness Conflict Risk | Clearly carved out niche around authentication and authorization specifically. The trigger terms (JWT, OAuth2, RBAC, session management) are highly distinctive and unlikely to conflict with other skills unless there's another auth-specific skill. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 |

Passed

Repository
Dokhacgiakhoa/antigravity-ide
Reviewed
