Oauth2 Flow Helper - Auto-activating skill for Security Fundamentals. Triggers on: oauth2 flow helper, oauth2 flow helper. Part of the Security Fundamentals skill category.
34
3%
Does it follow best practices?
Impact
90%
1.00x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/oauth2-flow-helper/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely weak across all dimensions. It reads as an auto-generated stub with no meaningful content — it merely names the skill and its category without describing any concrete capabilities, use cases, or natural trigger terms. It would be nearly impossible for Claude to reliably select this skill from a pool of available skills.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Guides implementation of OAuth2 authorization code flow, client credentials flow, and PKCE. Helps configure redirect URIs, generate and refresh access tokens, and troubleshoot token exchange errors.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about OAuth2, OAuth, authorization flows, access tokens, refresh tokens, PKCE, client credentials, or API authentication.'
Remove the duplicated trigger term ('oauth2 flow helper' listed twice) and replace with diverse, natural keywords users would actually use when seeking help with OAuth2.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions. It says 'Oauth2 Flow Helper' but never describes what it actually does — no mention of specific capabilities like generating tokens, handling authorization codes, configuring redirect URIs, etc. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no explicit 'Use when...' clause with meaningful triggers. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'oauth2 flow helper' repeated twice. These are not natural terms users would say — users are more likely to say 'OAuth', 'authorization code', 'access token', 'refresh token', 'OAuth redirect', etc. | 1 / 3 |
| Distinctiveness Conflict Risk | The mention of 'OAuth2' and 'Security Fundamentals' provides some domain specificity that narrows the scope, but the lack of concrete actions means it could still overlap with other security-related skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty placeholder that provides absolutely no substantive content about OAuth2 flows. It contains only generic boilerplate text that repeats the skill name without any actual instructions, code examples, security guidance, or workflow steps. It would be entirely useless to Claude in performing any OAuth2-related task.
Suggestions
Add concrete, executable code examples for common OAuth2 flows (Authorization Code, Client Credentials, PKCE) with specific HTTP requests and token handling patterns.
Define a clear step-by-step workflow for implementing an OAuth2 flow, including validation checkpoints such as verifying token expiry, validating redirect URIs, and checking scopes.
Remove all boilerplate sections (Purpose, When to Use, Capabilities, Example Triggers) and replace with actionable content: specific grant type selection guidance, security pitfalls (e.g., state parameter for CSRF, PKCE for public clients), and concrete configuration examples.
Add references to detailed sub-documents for specific flows (e.g., AUTHORIZATION_CODE.md, CLIENT_CREDENTIALS.md) if the topic is too broad for a single file.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is entirely filler and boilerplate. It explains nothing Claude doesn't already know, repeats 'oauth2 flow helper' excessively, and contains zero substantive information about OAuth2 flows. | 1 / 3 |
| Actionability | There is no concrete guidance whatsoever—no code, no commands, no specific steps, no examples of OAuth2 flows, grant types, token handling, or any actionable instruction. It only describes what the skill claims to do without actually doing it. | 1 / 3 |
| Workflow Clarity | No workflow is defined. There are no steps, no sequence, no validation checkpoints. The content merely states it 'provides step-by-step guidance' without actually including any steps. | 1 / 3 |
| Progressive Disclosure | The content is a flat, monolithic placeholder with no meaningful structure, no references to detailed materials, and no navigation to deeper content about specific OAuth2 grant types or security considerations. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
c8a915c