Use when adding MFA, 2FA, TOTP, SMS codes, push notifications, passkeys, or when requiring step-up verification for sensitive operations or meeting compliance requirements (HIPAA, PCI-DSS) - covers adaptive and risk-based authentication with Auth0.
56
Does it follow best practices? 64%
Impact: — (No eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./plugins/auth0/skills/auth0-mfa/SKILL.md`
Quality
Discovery
72%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description excels at trigger term coverage and distinctiveness, providing a rich set of natural keywords users would use and clearly scoping to Auth0 MFA. However, it lacks explicit action verbs describing what the skill actually does (configure, implement, troubleshoot, etc.), making it read more like a trigger condition list than a complete skill description.
Suggestions
Add concrete action verbs at the beginning describing what the skill does, e.g., 'Configures and implements multi-factor authentication flows, sets up TOTP/SMS/push/passkey factors, and enables step-up verification for sensitive operations in Auth0.'
Restructure to separate the 'what' from the 'when' — lead with capabilities, then follow with the 'Use when...' clause for trigger conditions.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description mentions several authentication methods (MFA, 2FA, TOTP, SMS codes, push notifications, passkeys) and concepts (step-up verification, adaptive/risk-based authentication), but it doesn't list concrete actions like 'configure', 'implement', or 'set up'. It names the domain and some capabilities but lacks explicit action verbs describing what the skill does. | 2 / 3 |
| Completeness | The description has a 'Use when...' clause that covers the 'when' aspect well, but the 'what does this do' part is weak — it never explicitly states what actions the skill performs (e.g., configuring, implementing, troubleshooting). It reads more like a list of trigger conditions than a description of capabilities. | 2 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: MFA, 2FA, TOTP, SMS codes, push notifications, passkeys, step-up verification, HIPAA, PCI-DSS, adaptive authentication, risk-based authentication, Auth0. These are all terms users would naturally use when seeking help with multi-factor authentication. | 3 / 3 |
| Distinctiveness Conflict Risk | The description is clearly scoped to MFA/authentication with Auth0 specifically, which creates a distinct niche. The combination of authentication methods, compliance frameworks, and the Auth0 platform makes it unlikely to conflict with other skills. | 3 / 3 |
| Total | 10 / 12 Passed | |
Implementation
57%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill has excellent progressive disclosure with clear navigation to reference files, and provides useful CLI commands for MFA setup. However, it spends tokens explaining concepts Claude already knows (what MFA is, factor types), and the core implementation guidance in the main file is too abstract — the actual executable code is entirely deferred to reference files that weren't provided. Adding validation checkpoints would also strengthen the workflow.
Suggestions
Remove or drastically shorten the 'What is MFA?' section and the MFA Factors table — Claude already knows these concepts. Keep only Auth0-specific details.
Include at least one complete, executable step-up authentication example directly in the main skill file rather than deferring all code to reference files.
Add validation checkpoints: after enabling MFA factors via CLI, show how to verify the configuration (e.g., `auth0 api get 'guardian/factors'` and expected output), and include error handling for common misconfigurations.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The 'What is MFA?' section and the MFA Factors table explain concepts Claude already knows. The 'When to Use This Skill' section is also somewhat redundant given the skill description. However, the CLI commands and implementation patterns are efficient and useful. | 2 / 3 |
| Actionability | The CLI commands for enabling MFA factors are concrete and executable, which is good. However, the step-up authentication section only provides a general pattern and defers all actual code examples to reference files that weren't provided, leaving the main skill without any executable framework code. | 2 / 3 |
| Workflow Clarity | The steps are sequenced (enable MFA → implement step-up auth) and the step-up pattern outlines a 3-step process. However, there are no validation checkpoints — no guidance on verifying MFA is properly enabled, no error recovery steps, and no way to confirm the configuration is working before proceeding. | 2 / 3 |
| Progressive Disclosure | The skill is well-structured with a clear overview in the main file and well-signaled one-level-deep references to examples, backend validation, advanced topics, and API reference. Navigation is clear with descriptive summaries of what each reference file contains. | 3 / 3 |
| Total | 9 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| metadata_field | 'metadata' should map string keys to string values | Warning |
| Total | 10 / 11 Passed | |
bdf0dc2