auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
76
Quality
75%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./docs/v19.7/configuration/agent/skills_external/antigravity-awesome-skills-main/skills/auth-implementation-patterns/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope around authentication and authorization patterns with specific technologies (JWT, OAuth2, RBAC). It includes an explicit 'Use when...' clause with natural trigger terms and is distinctive enough to avoid conflicts with other security or coding skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and patterns: 'JWT, OAuth2, session management, and RBAC' along with clear outcomes 'build secure, scalable access control systems'. Also mentions specific use cases like 'implementing auth systems, securing APIs, debugging security issues'. | 3 / 3 |
Completeness | Clearly answers both what ('Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems') AND when ('Use when implementing auth systems, securing APIs, or debugging security issues') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'authentication', 'authorization', 'JWT', 'OAuth2', 'session management', 'RBAC', 'auth systems', 'APIs', 'security issues'. These cover common variations and technical terms users naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on authentication/authorization patterns with distinct triggers like 'JWT', 'OAuth2', 'RBAC', 'auth systems'. Unlikely to conflict with general coding or security skills due to specific auth-focused terminology. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is concise but lacks actionability - it reads more like a table of contents than executable guidance. For security-critical authentication patterns, the absence of concrete code examples, specific commands, or validation steps is a significant weakness. The content defers almost entirely to an external resource without providing enough standalone value.
Suggestions
Add at least one concrete, executable code example for a common auth pattern (e.g., JWT validation middleware or session setup)
Include specific validation/verification steps for security-critical operations like 'verify token expiry is set' or 'test with invalid credentials'
Provide a minimal working example inline rather than deferring everything to the external playbook
Add concrete commands or checks for common debugging scenarios mentioned in the use cases
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of concepts Claude already knows. Every section serves a purpose without padding or verbose descriptions. | 3 / 3 |
Actionability | The skill provides only abstract guidance ('Choose auth strategy', 'Design authorization model') without any concrete code, commands, or executable examples. It describes what to do conceptually but not how to do it. | 1 / 3 |
Workflow Clarity | Steps are listed in a logical sequence (define, choose, design, plan), but there are no validation checkpoints, feedback loops, or concrete verification steps for these security-critical operations. | 2 / 3 |
Progressive Disclosure | References the implementation playbook appropriately, but the main content is too sparse to serve as a useful overview. The skill essentially just points to another file without providing enough standalone value. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- duclm1x1/Dive-Ai
- Commit
20ba150
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.