auth0-mfa
Use when adding multi-factor authentication (MFA/2FA) or requiring additional verification for sensitive operations - covers step-up auth, adaptive MFA, and risk-based authentication with Auth0
82
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillEvaluation — 98%
↑ 1.42xAgent success when using this skill
Validation for skill structure
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description with excellent trigger term coverage and clear 'Use when' guidance. The main weakness is that it describes the domain and authentication types but lacks specific concrete actions (what operations Claude will actually perform). Adding action verbs like 'configure', 'implement', or 'set up' would strengthen the specificity.
Suggestions
Add concrete actions to improve specificity, e.g., 'Configure MFA policies, implement TOTP/SMS verification, set up step-up authentication flows'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (MFA/2FA, authentication) and mentions specific types (step-up auth, adaptive MFA, risk-based authentication), but doesn't list concrete actions like 'configure MFA policies', 'implement TOTP', or 'set up SMS verification'. | 2 / 3 |
Completeness | Explicitly answers both what (MFA/2FA, step-up auth, adaptive MFA, risk-based authentication with Auth0) and when ('Use when adding multi-factor authentication or requiring additional verification for sensitive operations') with clear trigger guidance at the start. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'multi-factor authentication', 'MFA', '2FA', 'additional verification', 'sensitive operations', 'step-up auth', 'adaptive MFA', 'risk-based authentication', and 'Auth0' - these are all terms users naturally use when discussing this topic. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with clear niche - specifically targets MFA/2FA authentication with Auth0, unlikely to conflict with general authentication skills or other identity provider skills due to the specific Auth0 mention and MFA focus. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill has excellent progressive disclosure with well-organized references to supporting files, but suffers from explaining concepts Claude already knows (what MFA is) and deferring too much actionable content to external files. The main skill would benefit from including at least one complete, executable step-up authentication example rather than just describing the pattern abstractly.
Suggestions
Remove or significantly condense the 'What is MFA?' section - Claude knows what multi-factor authentication is
Include at least one complete, executable step-up authentication code example in the main file rather than deferring all examples to references/examples.md
Add explicit validation steps after enabling MFA factors (e.g., 'Verify configuration: auth0 api get guardian/factors | grep enabled')
Condense the MFA Factors table - the descriptions are largely self-evident from the factor names
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The overview section explains what MFA is, which Claude already knows. The factor table and key concepts table add some value but could be more condensed. The actual implementation guidance is reasonably efficient. | 2 / 3 |
Actionability | Provides concrete CLI commands for enabling MFA factors, but the step-up authentication section only shows the acr_values parameter without complete executable code - it defers to external files for actual implementation examples. | 2 / 3 |
Workflow Clarity | Steps are numbered and sequenced (Step 1, Step 2), but the implementation pattern is described abstractly rather than with concrete validation checkpoints. No explicit verification steps to confirm MFA is properly configured before proceeding. | 2 / 3 |
Progressive Disclosure | Excellent structure with clear overview in main file and well-signaled one-level-deep references to examples.md, backend.md, advanced.md, and api.md. Navigation is clear and content is appropriately split. | 3 / 3 |
Total | 9 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.