auth0-mfa
Use when adding MFA, 2FA, TOTP, SMS codes, push notifications, passkeys, or when requiring step-up verification for sensitive operations or meeting compliance requirements (HIPAA, PCI-DSS) - covers adaptive and risk-based authentication with Auth0.
71
64%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/auth0/skills/auth0-mfa/SKILL.mdQuality
Discovery
72%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description excels at trigger term coverage and distinctiveness, providing a rich set of natural keywords that would help Claude select this skill appropriately. However, it is structured entirely as a 'Use when...' clause without first stating what the skill actually does (the concrete actions it performs), which weakens both specificity and completeness. Adding a leading sentence describing specific capabilities would significantly improve it.
Suggestions
Add a leading sentence describing concrete actions, e.g., 'Configures and implements multi-factor authentication flows, enrolls users in TOTP/SMS/passkey factors, sets up adaptive MFA policies, and enables step-up verification for sensitive operations in Auth0.'
Include specific verbs for what the skill does (configure, implement, troubleshoot, set up) before the 'Use when...' clause to clearly answer 'what does this do'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description mentions several authentication methods (MFA, 2FA, TOTP, SMS codes, push notifications, passkeys) and concepts (step-up verification, adaptive/risk-based authentication), but it doesn't list concrete actions like 'configure TOTP enrollment', 'set up SMS verification', or 'implement adaptive MFA policies'. It names the domain and some capabilities but lacks specific actionable verbs. | 2 / 3 |
Completeness | The description starts with 'Use when...' which explicitly addresses the 'when' question with good trigger guidance. However, the 'what does this do' part is weak — it never clearly states what actions the skill performs (e.g., configures, implements, troubleshoots). It tells you when to use it but not what it actually does. | 2 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: MFA, 2FA, TOTP, SMS codes, push notifications, passkeys, step-up verification, HIPAA, PCI-DSS, adaptive authentication, risk-based authentication, and Auth0. These are all terms a user would naturally use when seeking help with multi-factor authentication. | 3 / 3 |
Distinctiveness Conflict Risk | The description is highly specific to MFA/2FA with Auth0, which creates a clear niche. The combination of authentication method types, compliance frameworks, and the Auth0 platform makes it very unlikely to conflict with other skills. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill has strong organizational structure with excellent progressive disclosure to reference files, but the main content is weakened by verbose explanatory sections that Claude doesn't need (MFA definition, factor descriptions table) and insufficient actionable code in the core file itself. The workflow lacks validation checkpoints to confirm MFA is properly configured before proceeding.
Suggestions
Remove the 'What is MFA?' section and the MFA Factors table — Claude already knows these concepts. Replace with just the Auth0-specific factor identifiers needed for API calls.
Add at least one complete, executable step-up authentication code example directly in the main file rather than deferring all examples to references.
Add validation steps after enabling MFA (e.g., 'Verify: auth0 api get guardian/factors and confirm enabled:true') and after implementing step-up auth (e.g., checking the amr claim in a decoded token).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The overview section includes unnecessary explanations (what MFA is, factor descriptions table) that Claude already knows. The 'When to Use This Skill' section repeats the skill description. However, the CLI commands and implementation patterns are efficient. | 2 / 3 |
Actionability | The CLI commands for enabling MFA factors are concrete and executable, but the step-up authentication section only provides a general pattern and defers all actual code examples to reference files. The main skill file lacks any executable code for the core implementation task. | 2 / 3 |
Workflow Clarity | Steps 1 and 2 provide a reasonable sequence, and the step-up pattern outlines a 3-step process. However, there are no validation checkpoints — no way to verify MFA is correctly enabled, no error recovery steps, and no verification that step-up auth is working after implementation. | 2 / 3 |
Progressive Disclosure | Excellent progressive disclosure with a clear overview in the main file and well-signaled one-level-deep references to examples, backend validation, advanced topics, and API reference. Each reference file's purpose is clearly described with bullet points of what it contains. | 3 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
Total | 10 / 11 Passed | |
- Repository
- auth0/agent-skills
- Commit
d85127d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.