auth-patterns
This skill should be used when the user asks about "authentication in Next.js", "NextAuth", "Auth.js", "middleware auth", "protected routes", "session management", "JWT", "login flow", or needs guidance on implementing authentication and authorization in Next.js applications.
68
55%
Does it follow best practices?
Impact
90%
1.40xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./.trae/skills/auth-patterns/SKILL.mdQuality
Discovery
37%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a list of trigger terms masquerading as a skill description. While it excels at providing searchable keywords users might say, it completely fails to explain what the skill actually does. The description inverts the expected structure - it's all 'when' with no 'what'.
Suggestions
Add concrete capability statements at the beginning describing what the skill does, e.g., 'Implements authentication flows using NextAuth.js/Auth.js, configures middleware for route protection, manages sessions and JWT tokens.'
Restructure to lead with capabilities, then follow with 'Use when...' clause containing the trigger terms
Use third person active voice to describe actions: 'Configures OAuth providers', 'Sets up protected routes', 'Implements session management'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description lacks concrete actions entirely. It only lists trigger terms but never describes what the skill actually does - no verbs like 'implements', 'configures', 'guides', etc. | 1 / 3 |
Completeness | The description only addresses 'when' (trigger conditions) but completely omits 'what' - there is no explanation of what capabilities or actions this skill provides. | 1 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'authentication in Next.js', 'NextAuth', 'Auth.js', 'middleware auth', 'protected routes', 'session management', 'JWT', 'login flow' - these are all terms developers naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | The specific mention of Next.js authentication and related terms like NextAuth/Auth.js provides some distinctiveness, but without describing actual capabilities, it could overlap with general Next.js or general authentication skills. | 2 / 3 |
Total | 7 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid authentication skill with excellent actionable code examples covering NextAuth.js v5, middleware patterns, and RBAC. The main weaknesses are some unnecessary content (library comparison table, basic security practices Claude knows) and lack of explicit setup workflow with validation checkpoints for what is a multi-step configuration process.
Suggestions
Remove the library comparison table and security best practices list - Claude can provide this guidance contextually without it consuming token budget
Add an explicit setup workflow at the beginning with validation steps: 'After step 2, verify auth works by visiting /api/auth/providers' or similar checkpoints
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient with good code examples, but includes some unnecessary elements like the library comparison table (Claude can recommend libraries based on context) and the security best practices list which covers concepts Claude already knows. | 2 / 3 |
Actionability | Excellent executable code examples throughout - complete TypeScript/TSX snippets for auth configuration, middleware, session handling, RBAC, and login pages. All code is copy-paste ready with proper imports and file paths. | 3 / 3 |
Workflow Clarity | While individual code blocks are clear, there's no explicit setup workflow with validation checkpoints. Missing a clear sequence like 'install → configure → test → deploy' with verification steps between stages. | 2 / 3 |
Progressive Disclosure | Good structure with clear sections progressing from setup to advanced patterns. References to detailed docs at the end are well-signaled and one level deep. Content is appropriately organized for discovery. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- Lingjie-chen/MT5
- Commit
3069d33
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.