agent-authentication
Agent skill for authentication - invoke with $agent-authentication
42
11%
Does it follow best practices?
Impact
96%
2.23xAverage score across 3 eval scenarios
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agents/skills/agent-authentication/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is extremely minimal and provides almost no useful information for skill selection. It only names a broad domain ('authentication') and an invocation command, without describing any concrete capabilities, use cases, or trigger conditions. It would be nearly impossible for Claude to reliably select this skill over others in a multi-skill environment.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Manages user login flows, generates OAuth tokens, validates credentials, handles session management.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user needs help with login, sign-in, OAuth, API tokens, credentials, passwords, or session authentication.'
Remove the invocation instruction ('invoke with $agent-authentication') from the description and replace it with capability and context information that helps Claude decide when to select this skill.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description says 'authentication' but provides no concrete actions. It doesn't describe what the skill actually does—no mention of login, token generation, OAuth flows, password management, or any specific capabilities. | 1 / 3 |
Completeness | The 'what' is extremely vague ('authentication') and there is no 'when' clause at all. The description only tells how to invoke the skill, not what it does or when to use it. | 1 / 3 |
Trigger Term Quality | The only keyword is 'authentication', which is broad and technical. Missing natural terms users might say like 'login', 'sign in', 'password', 'OAuth', 'token', 'credentials', 'SSO', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'authentication' is very broad and could overlap with many security, login, or identity-related skills. There are no distinguishing details to carve out a clear niche. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a persona/role description than actionable instructions. While the MCP tool signatures are a useful reference, the majority of the content is generic guidance about authentication best practices and vague workflow steps that Claude already knows. The skill would benefit greatly from being stripped down to just the tool reference and concrete multi-step workflow examples with validation checkpoints.
Suggestions
Remove the persona description and generic responsibility lists; replace with a brief one-line purpose statement and jump straight into tool usage.
Add concrete multi-step workflow examples for key scenarios (e.g., full password reset flow showing the sequence of tool calls, expected responses, and error handling).
Include explicit validation checkpoints in workflows, such as checking return values from login/register calls and handling specific error codes.
Remove generic quality standards ('Follow GDPR best practices') that Claude already knows and replace with project-specific constraints or configurations if any exist.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Heavily padded with role-playing preamble ('You are a Flow Nexus Authentication Agent...'), lists of vague responsibilities Claude already understands (e.g., 'Ensure secure authentication practices and compliance'), and generic quality standards that add no actionable value. Much of this content is filler. | 1 / 3 |
Actionability | The MCP tool call examples are concrete and show specific function signatures with parameters, which is useful. However, the examples lack context on return values, error handling specifics, or how to chain calls together in a real workflow. The surrounding text is descriptive rather than instructive. | 2 / 3 |
Workflow Clarity | The 5-step 'workflow approach' is extremely generic ('Assess Requirements', 'Execute Flow', 'Validate Results') with no concrete validation checkpoints, no error recovery loops, and no specific sequences for multi-step operations like password reset (which involves multiple tool calls). Authentication workflows involving security-sensitive operations need explicit validation steps. | 1 / 3 |
Progressive Disclosure | Content is a single monolithic file with no references to external documentation. The sections provide some structure (toolkit, workflow, scenarios), but the 'common scenarios' list could link to detailed guides, and the tool reference could be separated. Not terrible for a medium-length skill but could be better organized. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/ruflo
- Commit
398f7c2
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.