setup-flows-auth
MUST be used when migrating an existing React app to Flows, or when no Flows auth is wired up. Detects classic vs Apps API flow from `app.json` `infra` field, installs the right packages, and wires up the entry file. No-op when a valid auth setup is already in place. Triggers: migrate to Flows, add Flows auth, DuneAuthProvider, AppSdkAuthProvider, connectToHostApp, useDune, Flows setup, setup auth, missing auth provider, CDF authentication, Fusion iframe auth.
71
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its purpose, scope, and trigger conditions. It provides specific technical details about what it does (detects flow type, installs packages, wires entry file) and when to use it (migrating to Flows, missing auth). The comprehensive trigger terms list covers both natural language phrases and specific technical identifiers, making it highly discoverable and distinct.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: detects classic vs Apps API flow from `app.json` `infra` field, installs the right packages, wires up the entry file, and performs no-op when valid auth is already in place. These are detailed, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers both 'what' (detects flow type, installs packages, wires up entry file) and 'when' (migrating React app to Flows, no Flows auth wired up) with an explicit 'MUST be used when' clause and a comprehensive Triggers list. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms including both user-facing phrases ('migrate to Flows', 'add Flows auth', 'setup auth', 'missing auth provider') and technical identifiers ('DuneAuthProvider', 'AppSdkAuthProvider', 'connectToHostApp', 'useDune', 'CDF authentication', 'Fusion iframe auth'). | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a very specific niche: Flows auth migration for React apps using specific providers (DuneAuthProvider, AppSdkAuthProvider) and specific detection logic (app.json infra field). Unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable skill with clear workflow sequencing, concrete executable code for both auth flows, and good decision logic. Its main weakness is length — the dual-flow structure leads to repetition across steps that could be better managed through progressive disclosure into separate files. Minor verbosity in explanatory bullets after code blocks could also be trimmed.
Suggestions
Consider splitting Classic and Apps API flow details into separate reference files (e.g., CLASSIC_FLOW.md and APPS_API_FLOW.md) and keeping SKILL.md as a concise overview with the decision table and links.
Remove the bullet-point explanations after the Vite config (e.g., what mkcert and fusionOpenPlugin do) — these are self-evident from the code and comments.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient and avoids explaining basic React or Vite concepts, but includes some unnecessary commentary (e.g., explaining what mkcert and fusionOpenPlugin do when Claude can infer this, and the bullet-point explanations after the Vite config). The tables and code are well-structured but the overall length could be tightened. | 2 / 3 |
Actionability | Fully executable code examples are provided for both flows across all steps — Vite config, entry files, component usage. The dependency tables are specific with package names and types, and the package manager detection logic is concrete and copy-paste ready. | 3 / 3 |
Workflow Clarity | The 5-step workflow is clearly sequenced with an explicit no-op detection in Step 1 (validation checkpoint before acting), conditional branching based on app.json, and a cleanup step with a safety heuristic ('if unsure, leave it and flag to the user'). The flow selection table at the top provides clear decision logic. | 3 / 3 |
Progressive Disclosure | The content is well-organized with clear headers and tables, but it's a long monolithic file (~150 lines of substantive content) with no references to external files. The two parallel flows (Classic vs Apps API) repeated across every step could benefit from being split into separate reference files, with the SKILL.md serving as a shorter overview. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata.version' is missing | Warning |
Total | 9 / 11 Passed | |
- Repository
- cognitedata/builder-skills
- Commit
d6af887
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.