Use when securing ASP.NET Core Web API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates Auth0.AspNetCore.Authentication.Api for REST APIs receiving access tokens from frontends or mobile apps. Also handles DPoP proof-of-possession token binding. Triggers on: AddAuth0ApiAuthentication, .NET Web API auth, JWT validation, UseAuthentication, UseAuthorization.
74
92%: Does it follow best practices?
Impact: — (No eval scenarios have been run)
Passed: No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines a narrow, specific domain (Auth0 API authentication for ASP.NET Core Web APIs), lists concrete capabilities (JWT validation, scope checks, DPoP binding), and provides explicit trigger guidance with both a 'Use when' clause and a 'Triggers on' list. The description is concise yet comprehensive, uses third-person voice correctly, and would be easily distinguishable from other authentication or .NET skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: JWT Bearer token validation, scope/permission checks, stateless auth, DPoP proof-of-possession token binding, and names the specific library (Auth0.AspNetCore.Authentication.Api) and context (REST APIs receiving access tokens from frontends or mobile apps). | 3 / 3 |
| Completeness | Clearly answers both 'what' (securing ASP.NET Core Web API endpoints with JWT Bearer token validation, scope checks, DPoP binding using Auth0.AspNetCore.Authentication.Api) and 'when' (explicit 'Use when' clause at the start plus a 'Triggers on' list at the end). | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms that users would actually type: 'AddAuth0ApiAuthentication', '.NET Web API auth', 'JWT validation', 'UseAuthentication', 'UseAuthorization', plus domain terms like 'ASP.NET Core Web API', 'Bearer token', 'scope/permission checks', and 'DPoP'. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive — narrowly scoped to Auth0 API authentication for ASP.NET Core Web APIs specifically, with unique triggers like 'AddAuth0ApiAuthentication' and 'DPoP proof-of-possession'. Unlikely to conflict with general auth skills or frontend Auth0 skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, highly actionable skill with clear workflow sequencing and good progressive disclosure to reference files. The main weakness is moderate verbosity — the 'When NOT to Use' section, the lengthy interactive prompt block, and some redundancy between the Quick Reference and the step-by-step content add tokens without proportional value. Overall it's a strong skill that could be tightened for token efficiency.
Suggestions
Trim or remove the 'When NOT to Use' section — Claude already knows the difference between web API auth and SPA/mobile auth patterns, and this consumes tokens without adding actionable guidance.
Condense the Step 2 interactive prompt block — the exact wording of the question to ask the user is overly prescriptive and verbose; a shorter instruction like 'Ask the user whether they want automated (CLI) or manual setup before proceeding' would suffice.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is mostly efficient with good code examples, but includes some unnecessary content like the 'When NOT to Use' section (Claude can infer this), the verbose interactive prompt script in Step 2, and some redundancy between the Quick Reference section and the steps above. The common mistakes table is valuable but could be tighter. | 2 / 3 |
| Actionability | Provides fully executable code for every step: bash install commands, complete appsettings.json, full Program.cs configuration, both Minimal API and Controller-based endpoint examples, and curl test commands. All code is copy-paste ready with realistic values. | 3 / 3 |
| Workflow Clarity | Clear 6-step sequential workflow with explicit ordering constraints (middleware order matters), a deliberate stop-and-ask checkpoint before proceeding with API creation, branching paths for automated vs manual setup, and a testing/validation step at the end. The common mistakes table serves as an error recovery reference. | 3 / 3 |
| Progressive Disclosure | Excellent structure: Quick Start inline with essential code, then clear one-level-deep references to Setup Guide, Integration Guide, and API Reference for advanced topics (scope-based auth, DPoP, CLI setup). Navigation is well-signaled with descriptive links. However, no bundle files were provided to verify the referenced files exist. | 3 / 3 |
| Total | 11 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| metadata_field | 'metadata' should map string keys to string values | Warning |
| Total | 10 / 11 Passed | |