oauth2-flow-helper
Oauth2 Flow Helper - Auto-activating skill for Security Fundamentals. Triggers on: oauth2 flow helper, oauth2 flow helper Part of the Security Fundamentals skill category.
Overall
score
23%
Does it follow best practices?
Validation for skill structure
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill oauth2-flow-helperActivation
7%This description is severely lacking in all key areas. It reads like auto-generated boilerplate rather than a useful skill description, providing no information about what actions the skill performs or when it should be selected. The repeated trigger term and vague category reference offer no value for skill selection.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Implements OAuth2 authorization code flow, generates access tokens, handles refresh token rotation, validates JWT tokens'
Add a 'Use when...' clause with natural trigger terms like 'Use when implementing login, authentication, authorization, access tokens, refresh tokens, or OAuth integration'
Include common user phrases and file types, e.g., 'OAuth, login flow, API authentication, bearer tokens, client credentials'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses vague language like 'Auto-activating skill for Security Fundamentals' without describing any concrete actions. It does not explain what the skill actually does with OAuth2 flows. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond naming itself, and provides no 'when should Claude use it' guidance. There is no 'Use when...' clause or equivalent explicit trigger guidance. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'oauth2 flow helper' repeated twice, which is technical jargon rather than natural language users would say. Missing common variations like 'authentication', 'login flow', 'access token', 'authorization'. | 1 / 3 |
Distinctiveness Conflict Risk | While 'OAuth2' is somewhat specific to authentication/authorization domain, the lack of concrete actions means it could overlap with other security-related skills. The term 'Security Fundamentals' is generic. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
7%This skill is a placeholder template with no actual OAuth2 content. It describes capabilities in abstract terms but provides zero actionable guidance on OAuth2 flows, token handling, security considerations, or implementation patterns. The skill would be useless for helping with any real OAuth2 task.
Suggestions
Add concrete code examples for common OAuth2 flows (authorization code with PKCE, client credentials, refresh token handling)
Include specific security validation steps such as state parameter verification, token validation, and secure storage practices
Provide a clear workflow for implementing OAuth2: 1) Configure client, 2) Build authorization URL, 3) Handle callback, 4) Exchange code for tokens, 5) Validate and store tokens
Remove generic boilerplate sections ('Capabilities', 'Example Triggers') and replace with actual OAuth2 implementation guidance
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual OAuth2 information. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude doesn't need. | 1 / 3 |
Actionability | No concrete code, commands, or specific OAuth2 flow guidance is provided. The content describes what the skill does abstractly but never shows how to implement any OAuth2 flow (authorization code, PKCE, client credentials, etc.). | 1 / 3 |
Workflow Clarity | No workflow steps are defined. Claims to provide 'step-by-step guidance' but includes zero actual steps for any OAuth2 implementation process. | 1 / 3 |
Progressive Disclosure | The content is organized into clear sections with headers, but there's no substantive content to disclose. No references to detailed documentation or examples that would provide actual OAuth2 implementation details. | 2 / 3 |
Total | 5 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.