api-key-auth-setup
Api Key Auth Setup - Auto-activating skill for API Development. Triggers on: api key auth setup, api key auth setup Part of the API Development skill category.
36
3%
Does it follow best practices?
Impact
100%
1.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/15-api-development/api-key-auth-setup/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a very weak description that essentially just restates the skill name without providing any meaningful detail about capabilities, concrete actions, or usage triggers. It reads as auto-generated boilerplate with no substantive content to help Claude distinguish when to select this skill over others.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Generates API keys, configures key-based authentication middleware, sets up key validation and rotation policies, and adds rate limiting per API key.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user needs to set up API key authentication, secure API endpoints with keys, generate or manage API tokens, or implement key-based access control.'
Remove the duplicated trigger term and expand with natural variations users would say, such as 'API key', 'API authentication', 'API token', 'secure endpoint', 'auth header', 'key management'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the domain ('API Development') and repeats the skill name ('api key auth setup') without describing any concrete actions like generating keys, configuring middleware, setting up authentication headers, or validating API keys. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name itself, and the 'when' clause is essentially just the skill name repeated. There is no explicit 'Use when...' guidance with meaningful trigger scenarios. | 1 / 3 |
Trigger Term Quality | The trigger terms are just the skill name repeated twice ('api key auth setup'). It misses natural variations users would say like 'API authentication', 'API key', 'secure API endpoint', 'auth middleware', 'API token', or 'key-based authentication'. | 1 / 3 |
Distinctiveness Conflict Risk | The phrase 'api key auth setup' is somewhat specific to API key authentication as opposed to other auth methods (OAuth, JWT), but the lack of detail about what it actually does means it could overlap with broader API development or authentication skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no actual instructional content. It consists entirely of meta-descriptions about what the skill supposedly does without providing any concrete guidance on API key authentication setup—no code examples, no security best practices, no implementation patterns, and no workflow steps. It fails on every dimension of the rubric.
Suggestions
Add concrete, executable code examples showing API key authentication implementation (e.g., middleware for Express/FastAPI, header validation, key storage patterns)
Include a clear step-by-step workflow: generate key, store securely, validate in middleware, handle errors, with explicit validation checkpoints
Add security best practices specific to API key auth (e.g., hashing keys at rest, rate limiting, key rotation, using environment variables) as actionable instructions rather than vague references
Remove all boilerplate meta-descriptions ('This skill provides automated assistance...', 'Example Triggers', etc.) and replace with actual technical content
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and boilerplate. It explains nothing Claude doesn't already know, repeats the trigger phrase 'api key auth setup' excessively, and provides zero technical substance. Every section restates the same vague idea. | 1 / 3 |
Actionability | There is no concrete code, no commands, no specific implementation guidance, no examples of API key authentication patterns, no code snippets, and no executable steps. It only describes what the skill could do in abstract terms. | 1 / 3 |
Workflow Clarity | There is no workflow, no sequence of steps, no validation checkpoints, and no process for actually setting up API key authentication. The phrase 'step-by-step guidance' is mentioned but never delivered. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of vague descriptions with no references to supporting files, no structured navigation, and no separation of overview from detail. There are no bundle files to reference either, but the content itself lacks any meaningful organization. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.