guidewire-install-auth

Authenticate production Guidewire Cloud API integrations and survive the auth-side failures — token expiry storms, scope drift, private-CA PKIX errors, secret rotation. Use when hardening OAuth2 token caching, configuring JVM trust stores, or rotating client secrets without downtime. Trigger with "guidewire auth", "guidewire OAuth2", "guidewire token cache", "guidewire PKIX", "guidewire secret rotation".

Quality

—

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A high-quality production auth skill with executable code, a sequenced workflow with validation feedback loops, and clean progressive disclosure via real reference files. The only weakness is moderate prose padding in the Overview and rationale duplication that could be trimmed for token efficiency.

Suggestions

Trim the rhetorical Overview framing ('not a hello-world walkthrough; ... the auth code your service runs at 3am') into a tighter statement of the four failure modes it prevents.

Avoid restating the single-flight-gate and sed-regex rationale in prose immediately after the same point is made in code comments; keep one or the other.

Collapse the 'Instructions' four-step summary where it duplicates the section headings that immediately follow it.

Dimension	Reasoning	Score
Conciseness	Mostly efficient and dense with Guidewire-specific operational knowledge Claude does not already have, but the Overview narrative ('not a hello-world walkthrough; ... the auth code your service runs at 3am') and rationale repeated in prose after code comments could be tightened, so it sits below the lean top anchor.	2 / 3
Actionability	Provides fully executable, copy-paste-ready TypeScript (getToken, scope-drift check), keytool/openssl/sops bash commands, and specific examples — matching the top anchor.	3 / 3
Workflow Clarity	A clearly numbered four-step build sequence, each tied to a failure mode, with explicit validation checkpoints (scope-drift check on every refresh, 24h-zero-failures monitoring before promoting the secondary secret) and an error-handling table for recovery.	3 / 3
Progressive Disclosure	SKILL.md is an overview with well-signaled, one-level-deep references to real bundle files references/implementation-guide.md and references/API_REFERENCE.md, plus a See Also for sibling skills; deeper material is appropriately split out.	3 / 3
	Total	11 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, specific description with concrete actions, natural trigger terms, an explicit use-when clause, and a clearly distinct niche. Third-person voice is maintained throughout, so no voice penalty applies.

Dimension	Reasoning	Score
Specificity	Lists multiple concrete actions — 'Authenticate production Guidewire Cloud API integrations', 'hardening OAuth2 token caching', 'configuring JVM trust stores', 'rotating client secrets without downtime' — matching the top anchor.	3 / 3
Completeness	Clearly answers both what (authenticate + survive auth-side failures) and when via an explicit 'Use when...' clause, matching the top anchor.	3 / 3
Trigger Term Quality	Explicit natural trigger phrases a user would say — 'guidewire auth', 'guidewire OAuth2', 'guidewire token cache', 'guidewire PKIX', 'guidewire secret rotation' — with good coverage of variations.	3 / 3
Distinctiveness Conflict Risk	Narrow Guidewire Cloud API auth niche with 'guidewire'-prefixed triggers makes it clearly distinguishable and unlikely to fire for the wrong skill.	3 / 3
	Total	12 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 13 / 16 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning
referenced_paths_exist	Referenced path issues: 1 missing	Warning

	Total	13 / 16 Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 6e3a65f

Reviewed: 4 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.