
bearer-token-validator

Bearer Token Validator - Auto-activating skill for API Development. Triggers on: bearer token validator, bearer token validator. Part of the API Development skill category.

34

0.97x
Quality: 3% (Does it follow best practices?)

Impact: 88% (0.97x; average score across 3 eval scenarios)

Security by Snyk: Passed. No known issues.

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/15-api-development/bearer-token-validator/SKILL.md

Quality

Discovery

7%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is extremely weak—it is essentially a title repeated as a trigger term with no substantive explanation of capabilities, actions, or usage conditions. It reads like auto-generated boilerplate rather than a useful skill description. It would be nearly impossible for Claude to reliably select this skill over others based on this description alone.

Suggestions

Add concrete actions the skill performs, e.g., 'Validates bearer tokens in API requests, checks JWT expiration and signatures, verifies token claims against expected values, and returns appropriate HTTP 401/403 responses.'

Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user needs to validate authorization headers, verify JWTs, check OAuth bearer tokens, or implement token-based authentication middleware.'

Remove the duplicated trigger term and expand to include natural variations users would say: 'JWT', 'auth token', 'authorization header', 'token verification', 'access token', 'OAuth'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description names the concept 'Bearer Token Validator' but provides no concrete actions—it doesn't explain what it actually does (e.g., validate tokens, check expiration, verify signatures, decode JWTs). 'Auto-activating skill for API Development' is vague filler. | 1 / 3 |
| Completeness | The 'what' is essentially absent—there are no described capabilities beyond the name. The 'when' is limited to a duplicated trigger phrase with no explicit 'Use when...' clause or meaningful trigger guidance. | 1 / 3 |
| Trigger Term Quality | The trigger terms are just 'bearer token validator' repeated twice. It misses natural variations users would say like 'JWT validation', 'auth token', 'authorization header', 'token verification', 'access token', or 'OAuth bearer'. | 1 / 3 |
| Distinctiveness / Conflict Risk | The term 'bearer token validator' is somewhat specific to a niche area, which reduces conflict risk slightly. However, the lack of detail about what it does versus other API security or authentication skills means overlap is still possible. | 2 / 3 |
| Total | | 5 / 12 |

Passed

Implementation

0%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is an empty shell with no actionable content whatsoever. It consists entirely of boilerplate meta-descriptions that repeat 'bearer token validator' without ever explaining how to validate a bearer token. It provides no code, no concrete guidance, no workflow, and no references to further resources.

Suggestions

Add concrete, executable code examples showing bearer token validation (e.g., Express.js middleware, FastAPI dependency, or similar) with proper JWT verification logic.

Define a clear workflow: receive token → extract from Authorization header → verify signature → check expiration/claims → handle errors, with explicit validation steps.

Remove all meta-description sections ('When to Use', 'Example Triggers', 'Capabilities') that describe the skill rather than teaching the task—these waste tokens without adding value.

Include specific security guidance such as algorithm pinning (e.g., reject 'none' algorithm), token expiration handling, and common pitfalls like not validating the issuer claim.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual technical content. Every section restates the same vague idea—'bearer token validator'—without adding substance. | 1 / 3 |
| Actionability | There is zero concrete guidance—no code, no commands, no examples of token validation logic, no library recommendations, no middleware patterns. It only describes rather than instructs. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. The skill claims to provide 'step-by-step guidance' but contains none. There are no validation checkpoints or sequenced instructions. | 1 / 3 |
| Progressive Disclosure | The content is a flat, monolithic block of generic descriptions with no references to detailed files, no structured navigation, and no separation of concerns. There is nothing to progressively disclose because there is no real content. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 |

Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills (Reviewed)
