building-api-authentication
tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill building-api-authenticationBuild secure API authentication systems with OAuth2, JWT, API keys, and session management. Use when implementing secure authentication flows. Trigger with phrases like "build authentication", "add API auth", or "secure the API".
61%
Overall
Validation
Implementation
Activation
Validation
81%| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md line count is 72 (<= 500) | Pass |
frontmatter_valid | YAML frontmatter is valid | Pass |
name_field | 'name' field is valid: 'building-api-authentication' | Pass |
description_field | 'description' field is valid (230 chars) | Pass |
description_voice | 'description' uses third person voice | Pass |
description_trigger_hint | Description includes an explicit trigger hint | Pass |
compatibility_field | 'compatibility' field not present (optional) | Pass |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
metadata_field | 'metadata' field not present (optional) | Pass |
license_field | 'license' field is present: MIT | Pass |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_present | SKILL.md body is present | Pass |
body_examples | Examples detected (code fence or 'Example' wording) | Pass |
body_output_format | Output/return/format terms detected | Pass |
body_steps | Step-by-step structure detected (ordered list) | Pass |
Total | 13 / 16 Passed |
Implementation
22%This skill content is too abstract and generic for its security-critical domain. It lacks any concrete code examples for OAuth2, JWT, or API key implementation despite the description promising these. The workflow has structural issues (duplicate numbering) and critically missing validation steps for authentication systems where security verification is paramount.
Suggestions
- Add concrete, executable code examples for at least one authentication method (e.g., JWT token generation/validation with a specific framework)
- Fix the duplicate step numbering and add explicit security validation checkpoints (e.g., 'Verify token expiration handling', 'Test for common auth vulnerabilities')
- Remove generic boilerplate ('This skill provides automated assistance...') and replace with a brief, actionable quick-start showing a minimal working auth flow
- Include specific commands or tool invocations rather than abstract references like 'Bash(api:auth-*)' - show actual usage patterns
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Contains some unnecessary boilerplate language ('This skill provides automated assistance...') and generic prerequisites that Claude would know, but the instructions themselves are reasonably compact without excessive explanation. | 2 / 3 |
Actionability | Provides only vague, abstract guidance with no concrete code examples, specific commands, or executable snippets. Instructions like 'Implement endpoint handlers with business logic' and 'Add input validation' describe rather than instruct. | 1 / 3 |
Workflow Clarity | Steps are poorly organized with duplicate numbering (two separate lists both starting at 1), no validation checkpoints for security-critical authentication work, and no feedback loops for error recovery in a domain where security validation is essential. | 1 / 3 |
Progressive Disclosure | References external files appropriately (implementation.md, errors.md, examples.md) but the main content lacks substance - it's essentially just pointers to other files without providing a useful quick-start or overview that stands on its own. | 2 / 3 |
Total | 6 / 12 Passed |
Activation
100%This is a well-crafted skill description that clearly defines its scope (API authentication), lists specific technologies it covers, and provides explicit trigger guidance with natural user phrases. It uses proper third-person voice and is concise without being vague. The description effectively distinguishes itself from other potential security or coding skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and technologies: 'OAuth2, JWT, API keys, and session management' along with the action 'Build secure API authentication systems'. | 3 / 3 |
Completeness | Clearly answers both what ('Build secure API authentication systems with OAuth2, JWT, API keys, and session management') and when ('Use when implementing secure authentication flows' plus explicit trigger phrases). | 3 / 3 |
Trigger Term Quality | Includes natural trigger phrases users would say: 'build authentication', 'add API auth', 'secure the API', plus technical terms like OAuth2, JWT, API keys that users would mention. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on API authentication with distinct technologies (OAuth2, JWT, API keys) that wouldn't overlap with general coding or other security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.