oauth-callback-handler
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill oauth-callback-handlerOauth Callback Handler - Auto-activating skill for API Integration. Triggers on: oauth callback handler, oauth callback handler Part of the API Integration skill category.
Overall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely underdeveloped, essentially just restating the skill name without explaining what it does or when to use it. It lacks any concrete actions, meaningful trigger terms, or explicit usage guidance. The only slight positive is that 'OAuth callback' is a specific enough technical domain to provide minimal distinctiveness.
Suggestions
Add concrete actions describing what the skill does, e.g., 'Handles OAuth 2.0 authorization callbacks, exchanges authorization codes for access tokens, validates state parameters, and stores credentials securely.'
Include a 'Use when...' clause with natural trigger terms like 'OAuth redirect', 'authorization callback', 'handle OAuth response', 'token exchange', 'OAuth flow completion', or 'callback URL'.
Remove the duplicate trigger term and expand to cover variations users might actually say when needing OAuth callback handling.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Oauth Callback Handler') and mentions it's for 'API Integration' but provides no concrete actions. There's no explanation of what the skill actually does - no verbs describing capabilities like 'processes tokens', 'validates callbacks', or 'exchanges authorization codes'. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name, and the 'when' guidance is essentially non-existent - just repeating the skill name as a trigger. There's no explicit 'Use when...' clause or meaningful trigger guidance. | 1 / 3 |
Trigger Term Quality | The trigger terms are just the skill name repeated twice ('oauth callback handler, oauth callback handler'). This is redundant and misses natural variations users might say like 'OAuth redirect', 'authorization callback', 'handle OAuth response', 'token exchange', or 'OAuth flow'. | 1 / 3 |
Distinctiveness Conflict Risk | While 'OAuth callback handler' is a fairly specific technical concept that wouldn't overlap with most skills, the vague 'API Integration' category and lack of specific triggers could cause confusion with other API-related skills. The OAuth focus provides some distinctiveness. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill is an empty template with no actual content about OAuth callback handling. It contains only generic placeholder text that could apply to any skill topic, providing zero value for implementing OAuth callbacks, handling authorization codes, token exchange, or any related security considerations.
Suggestions
Add concrete code examples showing OAuth callback endpoint implementation (e.g., handling authorization codes, exchanging for tokens, validating state parameters)
Include a clear workflow with security validation steps: verify state parameter, exchange code for token, validate token response, handle errors
Provide specific guidance on common OAuth providers (Google, GitHub, etc.) or link to provider-specific reference files
Remove all generic boilerplate ('provides automated assistance', 'follows best practices') and replace with actual OAuth callback implementation details
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with zero actionable information. | 1 / 3 |
Actionability | Contains no concrete code, commands, or specific guidance whatsoever. The entire skill describes what it does in abstract terms without providing any actual implementation details for OAuth callback handling. | 1 / 3 |
Workflow Clarity | No workflow is defined. There are no steps, no sequence, and no validation checkpoints. OAuth callback handling involves specific security-sensitive steps that are completely absent. | 1 / 3 |
Progressive Disclosure | The content is a flat, generic template with no meaningful structure. There are no references to detailed documentation, no code examples to link to, and no organization beyond boilerplate headings. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.