oauth-callback-handler
Oauth Callback Handler - Auto-activating skill for API Integration. Triggers on: oauth callback handler, oauth callback handler Part of the API Integration skill category.
35
3%
Does it follow best practices?
Impact
94%
0.98xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/16-api-integration/oauth-callback-handler/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially just a title repeated as trigger terms with no substantive content. It fails to explain what concrete actions the skill performs, provides no natural trigger terms beyond the skill name itself, and lacks any explicit guidance on when Claude should select it. It reads like auto-generated boilerplate rather than a useful skill description.
Suggestions
Add concrete actions the skill performs, e.g., 'Handles OAuth 2.0 callback redirects, exchanges authorization codes for access tokens, validates state parameters, and stores refresh tokens.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user needs to handle OAuth redirects, process authorization callbacks, exchange auth codes for tokens, or set up OAuth callback endpoints.'
Include natural keyword variations users might say: 'OAuth redirect', 'authorization code', 'callback URL', 'OAuth token exchange', 'OAuth2 flow', 'authentication callback'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description provides no concrete actions. 'Oauth Callback Handler' names a concept but doesn't describe what it actually does (e.g., 'handles redirect URIs', 'exchanges authorization codes for tokens', 'stores OAuth tokens'). 'Auto-activating skill for API Integration' is vague filler. | 1 / 3 |
Completeness | The 'what' is extremely weak — it doesn't explain what the skill actually does beyond its name. The 'when' is missing entirely; there is no 'Use when...' clause or equivalent explicit trigger guidance. | 1 / 3 |
Trigger Term Quality | The trigger terms are just 'oauth callback handler' repeated twice. Missing natural variations users would say like 'OAuth redirect', 'authorization code exchange', 'OAuth token', 'callback URL', 'OAuth flow', or 'authentication callback'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'OAuth callback handler' is somewhat specific to a particular niche (OAuth callback handling), which provides some distinctiveness. However, the vague 'API Integration' category label could cause overlap with other API-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is a hollow placeholder that provides no actual technical guidance on implementing OAuth callback handlers. It consists entirely of meta-descriptions and trigger phrases, with no code examples, no concrete steps, and no references to supporting materials. It fails on every dimension of the rubric.
Suggestions
Add concrete, executable code examples showing how to implement an OAuth callback handler (e.g., Express.js or Flask route handling the callback, token exchange logic, error handling).
Define a clear multi-step workflow: register OAuth app → configure redirect URI → handle callback → exchange code for token → validate token → store credentials, with validation checkpoints at each stage.
Remove all meta-description sections ('When to Use', 'Example Triggers', 'Capabilities') that describe the skill abstractly and replace them with actual technical content covering security considerations (state parameter, PKCE), common pitfalls, and provider-specific notes.
Add references to detailed guides for specific OAuth providers (e.g., Google, GitHub) or link to separate files covering advanced topics like token refresh, scope management, and error recovery.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual technical content. Every section restates the same vague idea—that it helps with 'oauth callback handler'—without adding substance. | 1 / 3 |
Actionability | There is zero concrete guidance—no code, no commands, no specific steps, no examples of OAuth callback implementations. The content describes rather than instructs, offering nothing executable or copy-paste ready. | 1 / 3 |
Workflow Clarity | No workflow is defined. There are no steps, no sequence, no validation checkpoints. The phrase 'step-by-step guidance' is promised but never delivered. | 1 / 3 |
Progressive Disclosure | The content is a flat, monolithic block of vague descriptions with no references to detailed materials, no links to implementation guides, and no structured navigation to deeper content. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
4dee593
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.