claims
Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.
89
84%
Does it follow best practices?
Impact
97%
1.79xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly communicates its purpose and provides explicit trigger guidance with both 'Use when' and 'Skip when' clauses. The main weakness is that the capability actions (grant, revoke, verify) are somewhat generic and could benefit from more concrete specifics about what claims-based authorization entails in practice. Overall, it performs well on completeness and distinctiveness.
Suggestions
Add more specific concrete actions beyond 'grant, revoke, verify' — e.g., 'create permission claims, validate agent tokens, enforce role-based policies, audit authorization logs' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (claims-based authorization) and some actions (grant, revoke, verify permissions), but the actions are somewhat generic and don't describe concrete implementation details like specific claim types, token handling, or policy enforcement mechanisms. | 2 / 3 |
Completeness | Clearly answers both 'what' (claims-based authorization, grant/revoke/verify permissions for multi-agent coordination) and 'when' with explicit 'Use when' and 'Skip when' clauses listing specific trigger scenarios. | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms: 'permission management', 'access control', 'authorization checks', 'secure operations', 'multi-agent coordination'. These are terms users would naturally use when needing this capability. The 'Skip when' clause also helps disambiguate. | 3 / 3 |
Distinctiveness Conflict Risk | The combination of 'claims-based authorization', 'multi-agent coordination', and the specific 'Skip when' clause creates a clear niche that is unlikely to conflict with general security or authentication skills. The domain is well-scoped. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
79%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a clean, concise reference skill with strong actionability through concrete CLI commands and well-organized tables. Its main weakness is the lack of a sequenced workflow showing how claims management fits into a typical agent setup or operation lifecycle, which is important for security-sensitive operations. Adding a brief workflow with verification steps would elevate this skill significantly.
Suggestions
Add a sequenced workflow section showing a typical claims management flow: e.g., 1) Check existing claims, 2) Grant needed claims with scope, 3) Verify grant succeeded with `claims check`, 4) Perform operation, 5) Revoke temporary claims.
Include a verification/validation step after grant and revoke operations to confirm the action took effect, especially since these are security-sensitive operations.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and well-structured with tables for quick reference. No unnecessary explanations of what authorization or claims are—it assumes Claude understands these concepts and jumps straight to the specifics. | 3 / 3 |
Actionability | Provides fully executable CLI commands for all operations (check, grant, revoke, list) with concrete flags and example values. Scope patterns and security levels are specific and immediately usable. | 3 / 3 |
Workflow Clarity | Commands are listed individually but there's no sequenced workflow showing how to set up authorization for a new agent (e.g., check existing claims → grant needed claims → verify → proceed). For security-sensitive operations, missing validation/verification steps (e.g., confirming a grant succeeded, checking before revoking) is a notable gap. | 2 / 3 |
Progressive Disclosure | Content is well-organized with clear sections and tables, but everything is inline in a single file. For a security-focused skill, references to more detailed documentation on audit procedures, scope pattern syntax, or integration with multi-agent workflows would improve navigation. However, the skill is relatively short so this is a minor issue. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/claude-flow
- Commit
9d4a9ea
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.