Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.
Does it follow best practices? 22%
Impact: Pending (no eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl:
npx tessl skill review --optimize ./skills/antigravity-auth-implementation-patterns/SKILL.md
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description reads like a marketing tagline rather than a functional skill description. It relies heavily on buzzwords ('secure', 'scalable', 'industry-standard', 'modern best practices') without specifying concrete actions or providing any trigger guidance for when Claude should select this skill. The auth domain gives it some natural keyword value, but it needs significant improvement across all dimensions.
Suggestions
Replace vague language with specific actions, e.g., 'Implement OAuth 2.0 flows, configure JWT authentication, set up role-based access control (RBAC), manage session tokens, and integrate SSO providers.'
Add an explicit 'Use when...' clause with trigger terms, e.g., 'Use when the user asks about login systems, authentication, authorization, OAuth, JWT, API keys, permissions, roles, SSO, or password management.'
Remove filler phrases like 'industry-standard patterns and modern best practices' and replace with concrete technologies or patterns (e.g., 'using OAuth 2.0, OpenID Connect, SAML, JWT, bcrypt').
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague, buzzword-heavy language like 'secure, scalable', 'industry-standard patterns', and 'modern best practices' without listing any concrete actions. It doesn't specify what actions are performed (e.g., implement OAuth flows, configure JWT tokens, set up RBAC). | 1 / 3 |
| Completeness | The 'what' is vaguely stated as 'build authentication and authorization systems' without specifics, and there is no 'when' clause or explicit trigger guidance at all. The missing 'Use when...' clause would cap this at 2 regardless, but the weak 'what' brings it to 1. | 1 / 3 |
| Trigger Term Quality | It includes 'authentication' and 'authorization' which are natural terms users would say, but misses common variations like 'login', 'sign-in', 'OAuth', 'JWT', 'SSO', 'password', 'permissions', 'roles', 'RBAC', 'session management'. | 2 / 3 |
| Distinctiveness Conflict Risk | The auth domain is somewhat specific, but 'build secure, scalable systems' is generic enough to overlap with security-focused skills, API development skills, or general backend development skills. The lack of concrete scope boundaries increases conflict risk. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
22%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a table of contents or high-level checklist than an actionable skill document. It completely lacks concrete code examples, specific implementation patterns, or executable guidance for authentication/authorization—a domain where precise, secure code matters greatly. The content defers almost everything to an external playbook without providing enough substance in the main file to be independently useful.
Suggestions
Add at least one concrete, executable code example for a common auth pattern (e.g., JWT token validation middleware, session setup, or password hashing) directly in the SKILL.md.
Replace the abstract instruction bullets ('Define users...', 'Choose auth strategy...') with specific, actionable steps that include concrete decisions, commands, or configuration snippets.
Add explicit validation/verification checkpoints to the workflow, such as 'Test token expiration handling', 'Verify secrets are not in logs', or 'Run auth integration tests before deploying'.
Include a brief summary of key patterns from the implementation playbook (e.g., a JWT example vs. session example) so the SKILL.md is useful on its own without requiring the external file.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Reasonably concise but the 'Use this skill when' and 'Do not use this skill when' sections add moderate overhead without providing actionable implementation guidance. The instructions section is lean but borders on too vague. | 2 / 3 |
| Actionability | The instructions are entirely abstract ('Define users, tenants, flows...', 'Choose auth strategy...', 'Design authorization model...'). There are no concrete code examples, specific commands, configuration snippets, or executable guidance whatsoever. It describes rather than instructs. | 1 / 3 |
| Workflow Clarity | The five instruction bullets loosely imply a sequence but lack any validation checkpoints, feedback loops, or concrete steps. For a security-critical domain involving credential storage and token lifecycle, the absence of verification steps is a significant gap. | 1 / 3 |
| Progressive Disclosure | There is a reference to `resources/implementation-playbook.md` for detailed patterns, which is good one-level-deep disclosure. However, the SKILL.md itself provides almost no substantive content as an overview—it's essentially just a pointer with vague bullet points, making the split feel like the main content is entirely deferred rather than summarized. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
f1697b6