kanidm-expert

Expert in Kanidm modern identity management system specializing in user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA. Deep expertise in secure authentication flows, credential policies, access control, and platform integrations. Use when implementing identity management, SSO, authentication systems, or securing access to infrastructure.

Quality

81%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides excellent actionable guidance with executable code examples and clear workflows, but is severely bloated. It could be reduced by 60-70% by removing explanations of concepts Claude knows, eliminating redundant security reminders repeated across sections, and moving detailed test suites and integration examples to reference files.

Suggestions

Remove the 'Overview' section listing expertise areas - Claude doesn't need to be told what it's an expert in; start directly with core responsibilities or quick start

Consolidate redundant security advice - the same warnings (WebAuthn for admins, TLS everywhere, never reuse UIDs) appear in sections 5, 8, and 13; keep one authoritative list

Move the extensive test code (sections 6 and 9) to a separate TESTING.md reference file, keeping only 1-2 representative examples inline

Remove explanatory text like 'PDF (Portable Document Format)' equivalents - e.g., don't explain what OAuth2 scopes are or how connection pooling works conceptually

Dimension	Reasoning	Score
Conciseness	Extremely verbose at ~1000+ lines with significant redundancy. Explains concepts Claude already knows (what OAuth2 is, what LDAP is, basic Python patterns). Multiple sections repeat the same security advice. The 'Overview' section lists expertise areas Claude doesn't need to be told it has.	1 / 3
Actionability	Provides fully executable code examples throughout - complete bash commands for kanidm CLI, working Python code with proper imports, LDAP queries, and test examples. Commands are copy-paste ready with realistic parameters.	3 / 3
Workflow Clarity	Clear TDD workflow with explicit steps (write failing test → implement minimum → refactor → verify). Security checklists have explicit validation checkpoints. The pre-implementation checklist provides clear phase-based sequencing with verification steps.	3 / 3
Progressive Disclosure	References external files (references/integration-guide.md, references/security-config.md) but the main document is a monolithic wall of text with 14 major sections. Content that could be in separate reference files (full test suites, all performance patterns) is inline, making the skill overwhelming.	2 / 3
	Total	9 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that excels across all dimensions. It clearly identifies the specific system (Kanidm), lists comprehensive concrete capabilities using natural technical terminology, and provides explicit trigger guidance. The description effectively distinguishes itself from generic identity/authentication skills through its Kanidm-specific focus.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions and domains: 'user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA' along with 'secure authentication flows, credential policies, access control, and platform integrations'.	3 / 3
Completeness	Clearly answers both what ('specializing in user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA') and when ('Use when implementing identity management, SSO, authentication systems, or securing access to infrastructure').	3 / 3
Trigger Term Quality	Excellent coverage of natural terms users would say: 'identity management', 'SSO', 'authentication', 'OAuth2', 'OIDC', 'LDAP', 'RADIUS', 'SSH key', 'WebAuthn', 'MFA' - these are all terms users naturally use when seeking help with identity systems.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive by naming the specific system 'Kanidm' and combining it with a comprehensive list of identity-specific protocols and features. Unlikely to conflict with generic authentication or security skills due to the Kanidm focus.	3 / 3
	Total	12 / 12 Passed

Validation

75%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 12 / 16 Passed

Validation for skill structure

Criteria	Description	Result
skill_md_line_count	SKILL.md is long (1533 lines); consider splitting into references/ and linking	Warning
metadata_version	'metadata' field is not a dictionary	Warning
license_field	'license' field is missing	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	12 / 16 Passed

Repository: martinholovsky/claude-skills-generator
Commit: 1086ef2

Reviewed: 4 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.