This skill enables Claude to validate authentication implementations against security best practices and industry standards. It analyzes various authentication methods, including JWT, OAuth, session-based authentication, and API keys. Use this skill when you need to perform an authentication security check, assess password policies, evaluate MFA implementation, or analyze session security. Trigger this skill with phrases like "validate authentication," "authentication check," or "authcheck."
81
53%
Does it follow best practices?
Impact
83%
1.07x Average score across 15 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/authentication-validator/skills/authentication-validator/SKILL.md
Quality
Discovery
100% Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that clearly defines its scope (authentication security validation), lists specific capabilities (JWT, OAuth, session-based auth, API keys, password policies, MFA), and provides explicit trigger guidance. The only minor issue is the use of second person ('you need to') in the 'Use when' clause, but the description is otherwise strong and distinctive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description lists multiple specific concrete actions: validate authentication implementations, analyze JWT/OAuth/session-based/API key methods, assess password policies, evaluate MFA implementation, and analyze session security. | 3 / 3 |
| Completeness | Clearly answers both 'what' (validates authentication implementations, analyzes various auth methods) and 'when' (explicit 'Use this skill when...' clause with specific triggers and a 'Trigger this skill with phrases like...' clause). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms: 'validate authentication,' 'authentication check,' 'authcheck,' 'password policies,' 'MFA implementation,' 'session security,' 'JWT,' 'OAuth,' 'API keys.' These cover a good range of terms users would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Clearly scoped to authentication security validation specifically, with distinct triggers like 'authcheck,' 'validate authentication,' and specific domains like JWT, OAuth, MFA, and session security. Unlikely to conflict with general security or code review skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
7% Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads like a marketing description or README rather than actionable instructions for Claude. It lacks any concrete code, commands, tool invocation syntax, or specific validation logic. The content repeatedly explains concepts Claude already understands and describes what the skill does in abstract terms rather than providing executable guidance.
Suggestions
Replace abstract descriptions with concrete tool invocation syntax showing exactly how to call the 'authentication-validator' plugin, including input parameters and expected output format.
Add executable code examples or specific command-line invocations instead of narrative descriptions of what the skill 'will do.'
Remove the 'When to Use This Skill' and 'How It Works' sections, which restate the description without adding actionable information, and replace with actual validation checklists or schemas.
Include a concrete example of the security report output format (e.g., JSON schema) so Claude knows exactly what to produce.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what JWT is, what session cookies are, what password hashing is). The 'How It Works,' 'When to Use,' and 'Integration' sections are padded with generic descriptions that add no actionable value. Much of the content restates the description. | 1 / 3 |
| Actionability | There is no concrete code, no executable commands, no specific validation logic, and no actual tool invocations. The skill references an 'authentication-validator plugin' but never shows how to invoke it, what its API looks like, or what its output format is. The examples describe what the skill 'will do' rather than providing actionable instructions. | 1 / 3 |
| Workflow Clarity | The steps listed are abstract descriptions of what happens ('activate plugin,' 'analyze,' 'generate report') rather than concrete, sequenced instructions with validation checkpoints. There are no feedback loops, no error handling, and no verification steps for the security assessment process. | 1 / 3 |
| Progressive Disclosure | The content has some structural organization with headers and sections, but there are no references to external files and the content is somewhat monolithic. The best practices section could be a separate reference, and there's no clear navigation to deeper resources. | 2 / 3 |
| Total | | 5 / 12 Passed |
Validation
100% Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
13d35b8