auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing A...
74
Quality
61%
Does it follow best practices?
Impact
100%
1.11xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-auth-implementation-patterns/SKILL.mdQuality
Discovery
72%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description effectively identifies its authentication/authorization niche with good technical trigger terms, but suffers from truncation that cuts off the 'Use when' clause. The capabilities listed are more technology-focused than action-focused, missing concrete verbs describing what the skill actually does.
Suggestions
Complete the truncated 'Use when...' clause with full trigger scenarios (e.g., 'Use when implementing login systems, securing APIs, managing user permissions, or handling tokens')
Replace vague outcome language with specific actions (e.g., 'Validates JWT tokens, implements OAuth2 flows, manages user sessions, configures role-based permissions')
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (authentication/authorization) and lists specific technologies (JWT, OAuth2, session management, RBAC), but uses vague outcome language ('build secure, scalable access control systems') rather than concrete actions like 'validate tokens' or 'implement role checks'. | 2 / 3 |
Completeness | Has a partial 'Use when...' clause ('Use when implementing auth systems, securing A...') but it's truncated and incomplete. The 'what' is reasonably covered but the 'when' guidance is cut off, preventing full evaluation of trigger scenarios. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'authentication', 'authorization', 'JWT', 'OAuth2', 'session management', 'RBAC', 'auth systems'. These are terms developers commonly use when seeking help with access control. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on authentication/authorization patterns with distinct technical terms (JWT, OAuth2, RBAC) that are unlikely to conflict with general coding or security skills. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is well-structured and concise but lacks actionability - it reads more like a table of contents than executable guidance. For security-critical authentication work, the absence of concrete code examples, specific commands, or validation steps is a significant gap. The skill relies too heavily on the external playbook without providing enough standalone value.
Suggestions
Add at least one concrete, executable code example for a common auth pattern (e.g., JWT validation middleware or session setup)
Include specific validation/verification steps for auth implementations (e.g., 'Test token expiration with: curl -H "Authorization: Bearer expired_token"')
Provide a minimal quick-start example inline rather than deferring all implementation details to the external playbook
Add concrete security checklist items with specific checks (e.g., 'Verify HTTPS-only cookies: check Set-Cookie header includes Secure flag')
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of concepts Claude already knows. Every section serves a clear purpose without padding or verbose descriptions. | 3 / 3 |
Actionability | The skill provides only abstract guidance ('Choose auth strategy', 'Design authorization model') without any concrete code, commands, or executable examples. It describes what to do conceptually but not how to do it. | 1 / 3 |
Workflow Clarity | Steps are listed in a logical sequence (define, choose, design, plan), but there are no validation checkpoints, feedback loops, or concrete verification steps for these security-critical operations. | 2 / 3 |
Progressive Disclosure | References the implementation playbook appropriately, but the main content is too thin - it's essentially just a pointer to another file without providing enough actionable quick-start content in the skill itself. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
5c5ae21
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.