oauth-callback-handler
Oauth Callback Handler - Auto-activating skill for API Integration. Triggers on: oauth callback handler, oauth callback handler Part of the API Integration skill category.
35
3%
Does it follow best practices?
Impact
94%
0.98xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/16-api-integration/oauth-callback-handler/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely weak across all dimensions. It merely names the skill and its category without describing any concrete actions, use cases, or natural trigger terms. The duplicated trigger phrase and absence of a 'Use when...' clause make it nearly useless for skill selection among multiple options.
Suggestions
Add concrete actions describing what the skill does, e.g., 'Handles OAuth 2.0 callback redirects, exchanges authorization codes for access tokens, and stores credentials securely.'
Add an explicit 'Use when...' clause with natural trigger scenarios, e.g., 'Use when the user needs to handle OAuth redirects, process authorization callbacks, exchange auth codes for tokens, or set up OAuth callback endpoints.'
Include natural keyword variations users might say: 'OAuth redirect', 'authorization code', 'callback URL', 'access token exchange', 'OAuth2 flow', 'authentication callback'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description provides no concrete actions. 'Oauth Callback Handler' names a concept but doesn't describe what it actually does (e.g., 'handles redirect URIs', 'exchanges authorization codes for tokens', 'stores OAuth tokens'). 'Auto-activating skill for API Integration' is vague filler. | 1 / 3 |
Completeness | The 'what' is essentially absent—it only names the skill without explaining what it does. The 'when' is limited to a redundant trigger phrase with no explicit 'Use when...' clause describing scenarios that should activate this skill. | 1 / 3 |
Trigger Term Quality | The trigger terms are just 'oauth callback handler' repeated twice. Missing natural variations users would say like 'OAuth redirect', 'authorization code exchange', 'OAuth token', 'callback URL', 'OAuth flow', 'access token', or 'authentication callback'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'oauth callback handler' is somewhat specific to a niche (OAuth callback handling), which provides some distinctiveness. However, the broad 'API Integration' category label and lack of specificity could cause overlap with other OAuth or API-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no actual instructional content. It consists entirely of meta-descriptions and trigger phrases that repeat 'oauth callback handler' without ever explaining how to implement one. There is no code, no concrete guidance, no workflow, and no references to supplementary materials.
Suggestions
Add concrete, executable code examples showing a complete OAuth callback handler implementation (e.g., Express.js or Flask route handling the callback, exchanging authorization code for tokens).
Define a clear multi-step workflow: register OAuth app → configure redirect URI → implement callback endpoint → validate state parameter → exchange code for token → store tokens securely, with validation checkpoints at each step.
Remove all meta-description sections ('When to Use', 'Example Triggers', 'Capabilities') that describe the skill abstractly and replace them with actual technical content covering security considerations (CSRF/state validation, PKCE), token storage, and error handling.
Add references to supplementary files for advanced topics like token refresh flows, multi-provider support, or specific OAuth provider quirks (e.g., See [PROVIDERS.md] for provider-specific configuration).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual technical content. Every section restates the same vague idea—that it helps with 'oauth callback handler'—without adding substance. | 1 / 3 |
Actionability | There is zero concrete guidance—no code, no commands, no specific steps, no examples of OAuth callback implementations. The content describes rather than instructs, offering nothing executable or copy-paste ready. | 1 / 3 |
Workflow Clarity | No workflow is defined. There are no steps, no sequence, no validation checkpoints. The phrase 'step-by-step guidance' is promised but never delivered. | 1 / 3 |
Progressive Disclosure | The content is a flat, monolithic block of vague descriptions with no references to detailed materials, no links to implementation guides, and no structured navigation to deeper content. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
b8a3b3e
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.