identity
User identity, OAuth connections, and device management
51
40%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./src/skills/bundled/identity/SKILL.mdQuality
Discovery
22%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is too terse and abstract, listing only topic nouns without concrete actions or explicit trigger conditions. It fails to tell Claude what the skill actually does or when to select it, making it poorly suited for disambiguation among many skills. Adding specific verbs and a 'Use when...' clause would significantly improve it.
Suggestions
Add concrete action verbs describing what the skill does, e.g., 'Authenticate users via OAuth, manage connected devices, retrieve user identity information, revoke access tokens'.
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about login, authentication, OAuth tokens, SSO, connected devices, or managing app permissions'.
Include common keyword variations users might say, such as 'login', 'sign in', 'SSO', 'access tokens', 'connected apps', 'two-factor', 'MFA'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names a domain (identity/OAuth/device management) but lists no concrete actions—only abstract nouns. There are no verbs describing what the skill actually does (e.g., 'authenticate users', 'list connected devices', 'revoke tokens'). | 1 / 3 |
Completeness | The description weakly addresses 'what' (only topic areas, no actions) and completely omits 'when' — there is no 'Use when...' clause or any explicit trigger guidance. | 1 / 3 |
Trigger Term Quality | It includes some relevant keywords like 'OAuth', 'device management', and 'user identity' that users might mention, but misses common variations such as 'login', 'authentication', 'SSO', 'tokens', 'connected apps', 'sign in', or 'permissions'. | 2 / 3 |
Distinctiveness Conflict Risk | The combination of 'OAuth connections' and 'device management' provides some specificity, but 'user identity' is broad enough to overlap with general user profile or account management skills. | 2 / 3 |
Total | 6 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides comprehensive, actionable API reference content with executable TypeScript examples and clear chat commands. However, it suffers from being a monolithic reference document that should be split into an overview with linked sub-files, and it lacks validation/error-handling steps for security-sensitive operations like device revocation and OAuth linking. Some content like the best practices section adds little value for Claude.
Suggestions
Split the content into a concise SKILL.md overview with links to separate files like OAUTH.md, DEVICES.md, and SESSIONS.md for detailed API reference
Add error handling and validation steps for security-sensitive operations (e.g., what happens if OAuth callback fails, confirmation before revokeAllDevices)
Remove the 'Best Practices' section — these are generic security tips Claude already knows
Trim console.log examples to show only the API calls; Claude can infer how to log results
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is mostly efficient with clear code examples and tables, but includes some unnecessary verbosity like console.log statements showing obvious fields, and the 'Best Practices' section contains generic advice Claude already knows (e.g., 'Use strong auth — OAuth over passwords'). | 2 / 3 |
Actionability | The skill provides fully executable TypeScript code examples with concrete API calls, configuration objects, and chat commands. Code is copy-paste ready with real patterns for OAuth flows, device management, and session handling. | 3 / 3 |
Workflow Clarity | The OAuth flow shows a clear sequence (generate URL → handle callback), but there are no validation checkpoints or error handling steps for security-sensitive operations like revoking devices, unlinking providers, or handling OAuth failures. Missing feedback loops for these potentially destructive operations caps this at 2. | 2 / 3 |
Progressive Disclosure | This is a monolithic wall of content — a full API reference inlined into a single file with no references to external files. The chat commands, TypeScript API, trust levels, OAuth providers, device types, and best practices could be split into separate reference files with a concise overview in the main skill. | 1 / 3 |
Total | 8 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- alsk1992/CloddsBot
- Commit
e71a5f6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.