identity

User identity, OAuth connections, and device management

Quality

40%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./src/skills/bundled/identity/SKILL.md

Quality

Content

57%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides comprehensive, actionable API reference content with executable TypeScript examples and clear chat commands. However, it suffers from being a monolithic reference document that should be split into an overview with linked sub-files, and it lacks validation/error-handling steps for security-sensitive operations like device revocation and OAuth linking. Some content like the best practices section adds little value for Claude.

Suggestions

Split the content into a concise SKILL.md overview with links to separate files like OAUTH.md, DEVICES.md, and SESSIONS.md for detailed API reference

Add error handling and validation steps for security-sensitive operations (e.g., what happens if OAuth callback fails, confirmation before revokeAllDevices)

Remove the 'Best Practices' section — these are generic security tips Claude already knows

Trim console.log examples to show only the API calls; Claude can infer how to log results

Dimension	Reasoning	Score
Conciseness	The content is mostly efficient with clear code examples and tables, but includes some unnecessary verbosity like console.log statements showing obvious fields, and the 'Best Practices' section contains generic advice Claude already knows (e.g., 'Use strong auth — OAuth over passwords').	2 / 3
Actionability	The skill provides fully executable TypeScript code examples with concrete API calls, configuration objects, and chat commands. Code is copy-paste ready with real patterns for OAuth flows, device management, and session handling.	3 / 3
Workflow Clarity	The OAuth flow shows a clear sequence (generate URL → handle callback), but there are no validation checkpoints or error handling steps for security-sensitive operations like revoking devices, unlinking providers, or handling OAuth failures. Missing feedback loops for these potentially destructive operations caps this at 2.	2 / 3
Progressive Disclosure	This is a monolithic wall of content — a full API reference inlined into a single file with no references to external files. The chat commands, TypeScript API, trust levels, OAuth providers, device types, and best practices could be split into separate reference files with a concise overview in the main skill.	1 / 3
	Total	8 / 12 Passed

Description

22%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is too terse and abstract, listing only topic nouns without concrete actions or explicit trigger conditions. It fails to tell Claude what the skill actually does or when to select it, making it poorly suited for disambiguation among many skills. Adding specific verbs and a 'Use when...' clause would significantly improve it.

Suggestions

Add concrete action verbs describing what the skill does, e.g., 'Authenticate users via OAuth, manage connected devices, retrieve user identity information, revoke access tokens'.

Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about login, authentication, OAuth tokens, SSO, connected devices, or managing app permissions'.

Include common keyword variations users might say, such as 'login', 'sign in', 'SSO', 'access tokens', 'connected apps', 'two-factor', 'MFA'.

Dimension	Reasoning	Score
Specificity	The description names a domain (identity/OAuth/device management) but lists no concrete actions—only abstract nouns. There are no verbs describing what the skill actually does (e.g., 'authenticate users', 'list connected devices', 'revoke tokens').	1 / 3
Completeness	The description weakly addresses 'what' (only topic areas, no actions) and completely omits 'when' — there is no 'Use when...' clause or any explicit trigger guidance.	1 / 3
Trigger Term Quality	It includes some relevant keywords like 'OAuth', 'device management', and 'user identity' that users might mention, but misses common variations such as 'login', 'authentication', 'SSO', 'tokens', 'connected apps', 'sign in', or 'permissions'.	2 / 3
Distinctiveness Conflict Risk	The combination of 'OAuth connections' and 'device management' provides some specificity, but 'user identity' is broad enough to overlap with general user profile or account management skills.	2 / 3
	Total	6 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: alsk1992/CloddsBot
Commit: e71a5f6

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.