Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.
37
22%: Does it follow best practices?
Impact: Pending (no eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./skills/antigravity-auth-implementation-patterns/SKILL.md`
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description reads like a marketing tagline rather than a functional skill description. It relies heavily on buzzwords ('secure, scalable', 'industry-standard', 'modern best practices') without specifying concrete actions or providing any trigger guidance for when Claude should select this skill. The core domain (auth) is identifiable but insufficiently detailed.
Suggestions
- Replace vague language with specific concrete actions, e.g., 'Implement OAuth 2.0 flows, configure JWT authentication, set up role-based access control (RBAC), manage session tokens, and integrate SSO providers.'
- Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about login systems, authentication, authorization, OAuth, JWT, API keys, password hashing, SSO, or access control.'
- Remove marketing buzzwords like 'industry-standard patterns' and 'modern best practices' and replace with specific technologies or patterns (e.g., 'bcrypt password hashing', 'refresh token rotation', 'middleware-based authorization').
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague, buzzword-heavy language like 'secure, scalable', 'industry-standard patterns', and 'modern best practices' without listing any concrete actions. It doesn't specify what actions are performed (e.g., implement OAuth flows, configure JWT tokens, set up role-based access control). | 1 / 3 |
| Completeness | The description only vaguely addresses 'what' (build auth systems) and completely lacks a 'when' clause or any explicit trigger guidance. Per the rubric, a missing 'Use when...' clause caps completeness at 2, and the 'what' is also weak, so this scores a 1. | 1 / 3 |
| Trigger Term Quality | It includes some relevant keywords like 'authentication' and 'authorization' that users might naturally say, but misses common variations and specific terms like 'login', 'OAuth', 'JWT', 'SSO', 'RBAC', 'session management', 'password hashing', or 'API keys'. | 2 / 3 |
| Distinctiveness Conflict Risk | The terms 'authentication and authorization' provide some domain specificity that distinguishes it from generic coding skills, but the broad framing ('systems using industry-standard patterns') could overlap with security-focused skills, backend development skills, or API design skills. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
22%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a high-level outline that defers all substantive content to a referenced file that doesn't exist in the bundle. The instructions are abstract planning prompts ('Define users', 'Choose auth strategy', 'Design authorization model') with no concrete code, specific patterns, executable examples, or validation steps. For a security-critical domain like authentication and authorization, the lack of actionable guidance and verification workflows is a serious weakness.
Suggestions
- Add concrete, executable code examples for at least one auth pattern (e.g., JWT token validation middleware, session-based auth setup, or OAuth2 flow implementation) directly in the SKILL.md.
- Replace the abstract planning steps with a specific workflow sequence including validation checkpoints, e.g., '1. Generate keys with `openssl ...` 2. Configure token signing 3. Validate: test with expired/invalid tokens 4. If validation fails, check ...'
- Include the `resources/implementation-playbook.md` bundle file with the detailed patterns and examples, or inline the most critical patterns directly in the skill body.
- Remove the generic 'Limitations' section and 'Use/Do not use' lists, and use that space for actionable security checklists or concrete configuration examples.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is relatively brief but includes some unnecessary sections like 'Use this skill when' / 'Do not use this skill when' lists that explain obvious scoping Claude can infer. The 'Limitations' section also restates generic best practices Claude already knows. | 2 / 3 |
| Actionability | The instructions are entirely abstract and vague — 'Define users, tenants, flows', 'Choose auth strategy', 'Design authorization model' — with no concrete code, commands, specific examples, or executable guidance. It describes what to think about rather than what to do. | 1 / 3 |
| Workflow Clarity | The steps are high-level planning prompts without clear sequencing, validation checkpoints, or feedback loops. For a security-sensitive domain involving credential storage and token lifecycle, the absence of any verification or validation steps is a significant gap. | 1 / 3 |
| Progressive Disclosure | The skill references `resources/implementation-playbook.md` for detailed patterns, which is a reasonable one-level-deep reference. However, no bundle files were provided, so the referenced file doesn't exist, and the SKILL.md itself provides almost no substantive content — it's essentially an empty shell pointing to a missing resource. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
431bfad