Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.
33
28% (Does it follow best practices?)
Impact: — (No eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-auth-implementation-patterns/SKILL.md
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description reads like a marketing tagline rather than a functional skill description. It relies heavily on buzzwords ('secure, scalable', 'industry-standard', 'modern best practices') without specifying concrete actions or providing any trigger guidance for when Claude should select this skill. The core domain of auth is identifiable but insufficiently detailed.
Suggestions
- Replace vague phrases like 'industry-standard patterns and modern best practices' with specific actions such as 'Implement OAuth 2.0 flows, JWT token management, session handling, role-based access control (RBAC), and password hashing.'
- Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about login systems, sign-in flows, OAuth, JWT, SSO, permissions, API keys, or access control.'
- Remove marketing-style adjectives ('secure, scalable') and instead describe the concrete outputs or artifacts the skill produces (e.g., 'Generates middleware, auth routes, and token validation logic').
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague, buzzword-heavy language like 'secure, scalable', 'industry-standard patterns', and 'modern best practices' without listing any concrete actions. It doesn't specify what actions are performed (e.g., implement OAuth, set up JWT tokens, configure RBAC). | 1 / 3 |
| Completeness | The 'what' is vaguely stated as 'build authentication and authorization systems' without specifics, and there is no 'when' clause or explicit trigger guidance at all. The missing 'Use when...' clause would cap this at 2 regardless, but the weak 'what' brings it to 1. | 1 / 3 |
| Trigger Term Quality | It includes 'authentication' and 'authorization' which are natural terms users would say, but misses common variations like 'login', 'sign-in', 'OAuth', 'JWT', 'SSO', 'password', 'session management', 'RBAC', 'permissions', etc. | 2 / 3 |
| Distinctiveness Conflict Risk | The auth domain is somewhat specific, but 'authentication and authorization' could overlap with security-focused skills, API development skills, or backend development skills. The lack of concrete scope boundaries increases conflict risk. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a table of contents or checklist than actionable guidance. It lacks any concrete code, specific patterns, or executable examples for authentication/authorization — a domain where precise implementation details matter enormously. The content assumes Claude needs to be told abstract planning steps ('choose auth strategy') rather than providing the specific patterns, code snippets, and security validations that would actually be useful.
Suggestions
- Add concrete, executable code examples for at least one auth pattern (e.g., JWT token validation middleware, session-based auth setup, or OAuth2 flow implementation).
- Include explicit validation/verification steps such as 'Test token expiry handling', 'Verify refresh token rotation works', or specific security checks to run after implementation.
- Replace the abstract instruction bullets with specific, actionable guidance — e.g., instead of 'Choose auth strategy', provide a decision matrix or concrete criteria with corresponding implementation snippets.
- Either provide the referenced `resources/implementation-playbook.md` bundle file or inline the most critical patterns directly in the SKILL.md so the skill has standalone value.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is relatively brief but includes some unnecessary sections like 'Use this skill when' / 'Do not use this skill when' which are somewhat obvious and padded. The 'Limitations' section restates generic advice Claude already knows (e.g., 'stop and ask for clarification'). However, it's not egregiously verbose. | 2 / 3 |
| Actionability | The instructions are entirely abstract and high-level ('Define users, tenants, flows...', 'Choose auth strategy', 'Design authorization model'). There are no concrete code examples, specific commands, executable snippets, or copy-paste-ready patterns. The skill describes what to think about rather than what to do. | 1 / 3 |
| Workflow Clarity | There is a rough sequence implied in the instructions (define → choose → design → plan → consult playbook), but there are no validation checkpoints, no feedback loops, and no explicit verification steps for what are inherently security-critical operations. | 2 / 3 |
| Progressive Disclosure | The skill references `resources/implementation-playbook.md` for detailed patterns, which is good progressive disclosure in principle. However, no bundle files were provided, so we cannot verify the reference exists or is useful. The main file itself is too thin — it defers almost all substance to the playbook without providing enough standalone value. | 2 / 3 |
| Total | 7 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
95574f3