Build secure API authentication systems with OAuth2, JWT, API keys, and session management. Use when implementing secure authentication flows. Trigger with phrases like "build authentication", "add API auth", or "secure the API".
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill building-api-authentication
Overall score
61%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Validation for skill structure
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that clearly defines its scope (API authentication), lists specific technologies it covers, and provides explicit trigger guidance with natural user phrases. It uses proper third-person voice and is concise without being vague. The description effectively distinguishes itself from other potential security or coding skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and technologies: 'OAuth2, JWT, API keys, and session management' along with the action 'Build secure API authentication systems'. | 3 / 3 |
| Completeness | Clearly answers both what ('Build secure API authentication systems with OAuth2, JWT, API keys, and session management') and when ('Use when implementing secure authentication flows' plus explicit trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes natural trigger phrases users would say: 'build authentication', 'add API auth', 'secure the API', plus technical terms like OAuth2, JWT, API keys that users would mention. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on API authentication with distinct technologies (OAuth2, JWT, API keys) that wouldn't overlap with general coding or other security skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
22%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is too abstract and generic for its security-critical domain. It lacks any concrete code examples for OAuth2, JWT, or API key implementation despite the description promising these. The workflow has structural issues (duplicate numbering) and critically missing validation steps for authentication systems where security verification is paramount.
Suggestions
Add concrete, executable code examples for at least one authentication method (e.g., JWT token generation/validation with a specific framework)
Fix the duplicate step numbering and add explicit security validation checkpoints (e.g., 'Verify token expiration handling', 'Test for common auth vulnerabilities')
Remove generic boilerplate ('This skill provides automated assistance...') and replace with a brief, actionable quick-start showing a minimal working auth flow
Include specific commands or tool invocations rather than abstract references like 'Bash(api:auth-*)' - show actual usage patterns
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Contains some unnecessary boilerplate language ('This skill provides automated assistance...') and generic prerequisites that Claude would know, but the instructions themselves are reasonably compact without excessive explanation. | 2 / 3 |
| Actionability | Provides only vague, abstract guidance with no concrete code examples, specific commands, or executable snippets. Instructions like 'Implement endpoint handlers with business logic' and 'Add input validation' describe rather than instruct. | 1 / 3 |
| Workflow Clarity | Steps are poorly organized with duplicate numbering (two separate lists both starting at 1), no validation checkpoints for security-critical authentication work, and no feedback loops for error recovery in a domain where security validation is essential. | 1 / 3 |
| Progressive Disclosure | References external files appropriately (implementation.md, errors.md, examples.md) but the main content lacks substance - it's essentially just pointers to other files without providing a useful quick-start or overview that stands on its own. | 2 / 3 |
| Total | 6 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 13 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 13 / 16 Passed | |