
auth0-mfa

Use when adding MFA, 2FA, TOTP, SMS codes, push notifications, passkeys, or when requiring step-up verification for sensitive operations or meeting compliance requirements (HIPAA, PCI-DSS) - covers adaptive and risk-based authentication with Auth0.

78

Quality: 72% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/auth0/skills/auth0-mfa/SKILL.md

Quality

Discovery

72%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description excels at trigger terms and distinctiveness, providing comprehensive keywords users would naturally use when needing MFA/authentication help with Auth0. However, it's structured backwards - it leads with 'Use when' but never clearly states what the skill actually does (the concrete actions it performs). Adding explicit capability statements would significantly improve this description.

Suggestions

Add concrete action verbs at the beginning describing what the skill does, e.g., 'Configures and implements multi-factor authentication including TOTP, SMS codes, push notifications, and passkeys with Auth0.'

Restructure to lead with capabilities (what it does) before the 'Use when' clause to follow the pattern: actions first, triggers second.

Dimension | Reasoning | Score

Specificity | Names the domain (MFA/authentication) and lists several authentication types (TOTP, SMS codes, push notifications, passkeys), but doesn't describe concrete actions like 'configure', 'implement', or 'set up'. It lists what it covers rather than what it does. | 2 / 3

Completeness | Has a strong 'when' clause with 'Use when...' and multiple trigger scenarios, but the 'what' is weak - it doesn't clearly state what actions the skill performs (e.g., 'Configures multi-factor authentication...'). The description focuses on triggers without explaining capabilities. | 2 / 3

Trigger Term Quality | Excellent coverage of natural terms users would say: 'MFA', '2FA', 'TOTP', 'SMS codes', 'push notifications', 'passkeys', 'step-up verification', 'HIPAA', 'PCI-DSS', 'Auth0'. These are all terms users would naturally use when seeking authentication help. | 3 / 3

Distinctiveness Conflict Risk | Very distinct niche with specific triggers like 'Auth0', 'MFA', '2FA', 'TOTP', and compliance standards (HIPAA, PCI-DSS). Unlikely to conflict with other skills due to the specific authentication and compliance focus. | 3 / 3

Total | | 10 / 12

Passed

Implementation

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured MFA skill with excellent progressive disclosure and actionable CLI commands. The main weaknesses are some unnecessary explanatory content (MFA definition, factor descriptions) and missing validation checkpoints in the workflow. The skill would benefit from trimming the 'What is MFA?' section and adding verification steps after configuration.

Suggestions

Remove or significantly condense the 'What is MFA?' section and factor description table - Claude knows these concepts

Add validation steps after CLI commands, e.g., 'Verify configuration: auth0 api get guardian/factors' to confirm factors are enabled

Add error handling guidance for common MFA configuration failures

Dimension | Reasoning | Score

Conciseness | The skill includes some unnecessary explanatory content like 'What is MFA?' which Claude already knows, and the factor table could be more compact. However, the CLI commands and implementation patterns are appropriately concise. | 2 / 3

Actionability | Provides fully executable CLI commands for enabling MFA factors, clear configuration steps, and specific parameter values (acr_values). The code is copy-paste ready and includes concrete API endpoints. | 3 / 3

Workflow Clarity | Steps are numbered and sequenced (Enable MFA → Implement Step-Up), but lacks validation checkpoints. No verification steps to confirm MFA is properly configured before proceeding, and no error recovery guidance for failed configurations. | 2 / 3

Progressive Disclosure | Excellent structure with clear overview in main file and well-signaled one-level-deep references to examples.md, backend.md, advanced.md, and api.md. Each reference file's purpose is clearly described. | 3 / 3

Total | | 10 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: auth0/agent-skills (Reviewed)
