agent-authentication
Agent skill for authentication - invoke with $agent-authentication
42
11%
Does it follow best practices?
Impact
96%
2.23xAverage score across 3 eval scenarios
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agents/skills/agent-authentication/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is critically underdeveloped. It functions more as an invocation instruction ('invoke with $agent-authentication') than a meaningful skill description. It fails to communicate what the skill does, when it should be used, or what specific authentication tasks it handles.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Manages user login flows, generates OAuth tokens, validates credentials, handles session management.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user needs help with login, sign-in, OAuth, API keys, tokens, passwords, or session handling.'
Remove the invocation instruction ('invoke with $agent-authentication') from the description and replace it with capability and trigger information that helps Claude select this skill appropriately.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description says 'authentication' but provides no concrete actions. It doesn't describe what the skill actually does—no mention of login, token generation, OAuth flows, password management, or any specific capabilities. | 1 / 3 |
Completeness | The 'what' is extremely vague ('authentication') and there is no 'when' clause at all. The description only tells how to invoke the skill, not what it does or when to use it. | 1 / 3 |
Trigger Term Quality | The only keyword is 'authentication', which is broad and technical. Missing natural terms users might say like 'login', 'sign in', 'password', 'OAuth', 'token', 'credentials', 'SSO', etc. | 1 / 3 |
Distinctiveness Conflict Risk | 'Authentication' is very broad and could overlap with many security, login, or identity-related skills. Without specific actions or triggers, it's impossible to distinguish from other auth-related tools. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a persona/role description than actionable instructions. While the MCP tool signatures are a useful reference, the bulk of the content is vague responsibilities, generic quality standards, and abstract workflow steps that don't teach Claude anything it doesn't already know. The skill would benefit greatly from being stripped down to just the tool reference and concrete workflow examples with error handling.
Suggestions
Remove the persona preamble and generic responsibility lists; focus on the MCP tool reference and concrete usage patterns with expected responses and error handling.
Replace the abstract 5-step workflow with specific, executable workflows for each scenario (e.g., registration flow with validation of response, error branching for duplicate emails, etc.).
Add concrete examples of error responses from the MCP tools and how to handle them (e.g., invalid credentials, expired tokens, rate limiting).
Cut the 'Quality standards' section—these are generic security principles Claude already knows—or replace with specific, actionable constraints unique to Flow Nexus.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Heavily padded with role-playing preamble ('You are a Flow Nexus Authentication Agent...'), lists of vague responsibilities Claude already understands (e.g., 'Ensure secure authentication practices and compliance'), and generic quality standards that add no actionable value. Much of this content is filler. | 1 / 3 |
Actionability | The MCP tool call examples are concrete and show specific function signatures with parameters, which is useful. However, the examples are illustrative rather than embedded in real workflows—there's no guidance on handling return values, error codes, or conditional logic based on responses. | 2 / 3 |
Workflow Clarity | The 5-step workflow is entirely abstract ('Assess Requirements', 'Execute Flow', 'Validate Results') with no concrete validation checkpoints, error handling steps, or feedback loops. For authentication operations involving security-sensitive actions, this lack of specificity is a significant gap. | 1 / 3 |
Progressive Disclosure | The content is organized into labeled sections (toolkit, workflow, scenarios, quality standards), which provides some structure. However, it's a monolithic file with no references to external documentation, and the 'common scenarios' section lists topics without linking to detailed guides or examples. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/claude-flow
- Commit
f547cec
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.