api-key-auth-setup
Api Key Auth Setup - Auto-activating skill for API Development. Triggers on: api key auth setup, api key auth setup Part of the API Development skill category.
36
3%
Does it follow best practices?
Impact
100%
1.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/15-api-development/api-key-auth-setup/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is severely underdeveloped, essentially just restating the skill name without explaining capabilities or usage triggers. It lacks concrete actions, natural trigger terms, and explicit guidance on when to use it. The redundant trigger terms and missing 'Use when...' clause make it nearly unusable for skill selection among multiple options.
Suggestions
Add specific actions the skill performs, e.g., 'Generates API keys, configures authentication headers, sets up key rotation policies, and validates API credentials'
Include a 'Use when...' clause with natural trigger terms like 'Use when setting up API authentication, generating API keys, configuring API credentials, or implementing key-based security'
Add variations of trigger terms users might naturally say: 'API key', 'API authentication', 'API credentials', 'secure API endpoints', 'API security setup'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only states 'Api Key Auth Setup' without describing any concrete actions. It doesn't explain what the skill actually does - no verbs like 'configures', 'generates', 'validates', or specific capabilities are mentioned. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the title, and there is no 'Use when...' clause or explicit guidance on when Claude should select this skill. Only mentions it's 'Auto-activating' without explaining the trigger conditions. | 1 / 3 |
Trigger Term Quality | The trigger terms are redundant ('api key auth setup' repeated twice) and overly specific. Missing natural variations users might say like 'API authentication', 'secure API', 'API credentials', 'API key generation', or 'authentication setup'. | 1 / 3 |
Distinctiveness Conflict Risk | While 'API key auth' is somewhat specific to authentication, the vague description could overlap with other API-related skills or general authentication skills. The category mention 'API Development' provides some context but isn't sufficient for clear differentiation. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is essentially a placeholder template with no actual instructional value. It describes what a skill about API key auth setup might do without providing any concrete implementation guidance, code examples, or actionable steps. The content fails on all dimensions by being verbose about nothing while providing zero technical substance.
Suggestions
Add concrete, executable code examples showing API key authentication implementation (e.g., middleware for validating API keys, secure storage patterns, header extraction)
Include a clear workflow with numbered steps: generating keys, storing securely, validating in requests, handling invalid/expired keys
Remove all meta-descriptions about what the skill 'provides' and replace with actual technical content that demonstrates the implementation
Add specific security considerations and validation checkpoints (e.g., rate limiting, key rotation, secure comparison to prevent timing attacks)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler with no actual technical substance. It explains what the skill does in abstract terms without providing any concrete implementation details, wasting tokens on meta-descriptions Claude doesn't need. | 1 / 3 |
Actionability | No executable code, commands, or specific guidance is provided. The content only describes what the skill 'could' do in vague terms like 'provides step-by-step guidance' without actually providing any steps or guidance. | 1 / 3 |
Workflow Clarity | No workflow is defined. Despite claiming to provide 'step-by-step guidance,' there are zero actual steps for implementing API key authentication. No validation checkpoints or process sequence exists. | 1 / 3 |
Progressive Disclosure | The content is a flat, repetitive structure with no meaningful organization. No references to detailed documentation, examples, or related files. The sections are redundant and don't build on each other. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
b8a3b3e
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.