agent-authentication
Agent skill for authentication - invoke with $agent-authentication
42
11%
Does it follow best practices?
Impact
96%
2.23xAverage score across 3 eval scenarios
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agents/skills/agent-authentication/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is critically underspecified. It functions more as an invocation instruction ('invoke with $agent-authentication') than a meaningful skill description. It fails to communicate what the skill does, when it should be selected, or how it differs from other potentially related skills.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Handles user login flows, generates OAuth tokens, manages API key authentication, and validates credentials.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user needs to log in, set up OAuth, manage passwords, configure SSO, or handle API authentication.'
Remove the invocation instruction ('invoke with $agent-authentication') from the description and replace it with capability and trigger information that helps Claude select this skill appropriately.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description says 'authentication' but provides no concrete actions. It doesn't describe what the skill actually does—no mention of login, token generation, OAuth flows, password management, or any specific capabilities. | 1 / 3 |
Completeness | The 'what' is essentially absent beyond the word 'authentication', and there is no 'when' clause or explicit trigger guidance whatsoever. The description only tells how to invoke it, not what it does or when to use it. | 1 / 3 |
Trigger Term Quality | The only keyword is 'authentication', which is broad and technical. Missing natural terms users might say like 'login', 'sign in', 'password', 'OAuth', 'token', 'credentials', 'SSO', etc. | 1 / 3 |
Distinctiveness Conflict Risk | 'Authentication' is extremely broad and could overlap with any skill related to security, login, user management, API keys, or session handling. There are no distinguishing details to carve out a clear niche. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a persona prompt than an actionable skill document. While the MCP tool signatures are a useful reference, the majority of the content is verbose role description, abstract workflow steps, and generic quality standards that Claude already knows. It lacks concrete error handling, validation checkpoints, and executable multi-step workflows for the authentication scenarios it claims to handle.
Suggestions
Remove the persona framing and responsibility lists; replace with concrete step-by-step workflows for key scenarios (e.g., full registration flow: register → verify email → confirm, with specific error handling at each step).
Add expected return values and error codes for each MCP tool call, and specify how to handle common failures (e.g., duplicate email, invalid token, expired session).
Replace the abstract 5-step workflow with concrete, executable sequences that include explicit validation checkpoints (e.g., 'If user_login returns error X, then do Y').
Trim the 'quality standards' and 'common scenarios' sections—these describe things Claude already knows and waste token budget.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Heavily padded with persona framing ('You are a Flow Nexus Authentication Agent...'), lists of responsibilities Claude already understands, and vague quality standards. Much of the content describes what the agent is rather than providing actionable instructions. | 1 / 3 |
Actionability | The MCP tool examples with concrete function signatures and parameters are useful and somewhat actionable. However, they lack context on return values, error handling specifics, and are presented more as a reference catalog than executable workflows with expected outputs. | 2 / 3 |
Workflow Clarity | The 5-step workflow is entirely abstract ('Assess Requirements', 'Execute Flow', 'Validate Results') with no concrete validation checkpoints, error recovery loops, or specific sequences for multi-step auth flows like registration-then-verification. Authentication operations involve security-sensitive state changes but no validation/verification steps are specified. | 1 / 3 |
Progressive Disclosure | Content is a single monolithic file with no references to external documentation, but it's not excessively long. The sections provide some structure (toolkit, workflow, scenarios, standards), though the 'common scenarios' and 'quality standards' sections could be trimmed or moved to a reference file. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/ruflo
- Commit
0f7c750
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.