Expert in Kanidm modern identity management system specializing in user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA. Deep expertise in secure authentication flows, credential policies, access control, and platform integrations. Use when implementing identity management, SSO, authentication systems, or securing access to infrastructure.
80
81%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that excels across all dimensions. It clearly identifies the specific system (Kanidm), lists comprehensive concrete capabilities using natural technical terminology, and provides explicit trigger guidance. The description effectively distinguishes itself from generic identity/authentication skills through its Kanidm-specific focus.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and domains: 'user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA' along with 'secure authentication flows, credential policies, access control, and platform integrations'. | 3 / 3 |
| Completeness | Clearly answers both what ('specializing in user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA') and when ('Use when implementing identity management, SSO, authentication systems, or securing access to infrastructure'). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'identity management', 'SSO', 'authentication', 'OAuth2', 'OIDC', 'LDAP', 'RADIUS', 'SSH key', 'WebAuthn', 'MFA' - these are all terms users naturally use when seeking help with identity systems. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive by naming the specific system 'Kanidm' and combining it with a comprehensive list of identity-specific protocols and features. Unlikely to conflict with generic authentication or security skills due to the Kanidm focus. | 3 / 3 |
| Total | 12 / 12 Passed |
Implementation
62%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides excellent actionable guidance with executable code examples and clear workflows, but is severely bloated. It could be reduced by 60-70% by removing explanations of concepts Claude knows, eliminating redundant security reminders repeated across sections, and moving detailed test suites and integration examples to reference files.
Suggestions
Remove the 'Overview' section listing expertise areas - Claude doesn't need to be told what it's an expert in; start directly with core responsibilities or quick start
Consolidate redundant security advice - the same warnings (WebAuthn for admins, TLS everywhere, never reuse UIDs) appear in sections 5, 8, and 13; keep one authoritative list
Move the extensive test code (sections 6 and 9) to a separate TESTING.md reference file, keeping only 1-2 representative examples inline
Remove explanatory text like 'PDF (Portable Document Format)' equivalents - e.g., don't explain what OAuth2 scopes are or how connection pooling works conceptually
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at ~1000+ lines with significant redundancy. Explains concepts Claude already knows (what OAuth2 is, what LDAP is, basic Python patterns). Multiple sections repeat the same security advice. The 'Overview' section lists expertise areas Claude doesn't need to be told it has. | 1 / 3 |
| Actionability | Provides fully executable code examples throughout - complete bash commands for kanidm CLI, working Python code with proper imports, LDAP queries, and test examples. Commands are copy-paste ready with realistic parameters. | 3 / 3 |
| Workflow Clarity | Clear TDD workflow with explicit steps (write failing test → implement minimum → refactor → verify). Security checklists have explicit validation checkpoints. The pre-implementation checklist provides clear phase-based sequencing with verification steps. | 3 / 3 |
| Progressive Disclosure | References external files (references/integration-guide.md, references/security-config.md) but the main document is a monolithic wall of text with 14 major sections. Content that could be in separate reference files (full test suites, all performance patterns) is inline, making the skill overwhelming. | 2 / 3 |
| Total | 9 / 12 Passed |
Validation
75%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 12 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (1533 lines); consider splitting into references/ and linking | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 12 / 16 Passed | |
1086ef2