
agent-authentication

Agent skill for authentication - invoke with $agent-authentication

42

2.23x
Quality: 11% (Does it follow best practices?)

Impact: 96%, 2.23x (Average score across 3 eval scenarios)

Security by Snyk: Risky. Do not use without reviewing.

Optimize this skill with Tessl

npx tessl skill review --optimize ./.agents/skills/agent-authentication/SKILL.md

Quality

Content

22%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a persona/role description than an actionable skill guide. While it provides useful MCP tool signatures, the majority of the content is verbose role-framing, generic best practices, and abstract workflow steps that don't teach Claude anything new. The skill would benefit greatly from being restructured around concrete, step-by-step workflows with validation checkpoints and error handling.

Suggestions

Remove the persona framing and generic quality standards (security best practices, GDPR, graceful error handling) that Claude already knows, and focus tokens on what's unique to Flow Nexus.

Replace the abstract 5-step workflow with concrete, scenario-specific workflows (e.g., 'Registration flow: 1. Call user_register → 2. Check response for error codes X, Y → 3. If success, inform user about email verification → 4. If error code 409, user already exists...').

Add explicit error handling guidance: document common error responses from each MCP tool and the expected recovery actions.

Show a complete end-to-end example for at least one scenario (e.g., password reset) including the sequence of MCP calls, expected responses, and decision points.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is verbose and padded with unnecessary context. It explains Claude's role, responsibilities, and quality standards that Claude already knows (e.g., 'prioritize security, user experience,' 'handle errors gracefully,' 'follow GDPR best practices'). The persona framing ('You are a Flow Nexus Authentication Agent') and bullet-listed responsibilities add significant token overhead without actionable value. | 1 / 3 |
| Actionability | The MCP tool examples with concrete function signatures and parameters are useful and somewhat actionable. However, they are presented more as a reference catalog than executable workflows—there's no guidance on handling return values, error codes, or chaining calls together in realistic scenarios. The 'common scenarios' section describes what to handle but not how. | 2 / 3 |
| Workflow Clarity | The 5-step 'workflow approach' is generic and abstract ('Assess Requirements,' 'Execute Flow,' 'Validate Results') with no concrete validation checkpoints, error handling branches, or feedback loops. For authentication operations that involve security-sensitive state changes, the lack of explicit validation steps and error recovery paths is a significant gap. | 1 / 3 |
| Progressive Disclosure | The content is organized into logical sections (toolkit, workflow, scenarios, quality standards), which provides some structure. However, it's a monolithic file with no references to external documentation, and some sections (common scenarios, quality standards) could be trimmed or separated. No bundle files exist to reference. | 2 / 3 |
| Total | Passed | 6 / 12 |

Description

0%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is critically underspecified. It provides only a vague domain label ('authentication') with no concrete actions, no trigger guidance, and no indication of when Claude should select this skill. It would be nearly impossible for Claude to reliably choose this skill from a pool of alternatives.

Suggestions

Add specific concrete actions the skill performs, e.g., 'Generates authentication tokens, manages OAuth flows, validates credentials, handles session management.'

Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about logging in, setting up OAuth, managing API keys, handling passwords, or configuring SSO.'

Remove the invocation syntax ('$agent-authentication') from the description and replace it with capability-focused language that helps Claude distinguish this skill from other security-related skills.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description says 'authentication' but provides no concrete actions. It doesn't describe what the skill actually does—no mention of login, token generation, OAuth flows, credential management, or any specific capabilities. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it.' There is no explanation of capabilities and no 'Use when...' clause or equivalent trigger guidance. | 1 / 3 |
| Trigger Term Quality | The only keyword is 'authentication,' which is broad and technical. It lacks natural user terms like 'login,' 'sign in,' 'password,' 'credentials,' 'OAuth,' 'token,' or 'session.' The '$agent-authentication' invocation syntax is not a natural user trigger. | 1 / 3 |
| Distinctiveness Conflict Risk | 'Authentication' is extremely broad and could overlap with any skill involving security, login, API keys, user management, or access control. There are no distinguishing details to carve out a clear niche. | 1 / 3 |
| Total | Passed | 4 / 12 |

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 passed

Validation for skill structure

No warnings or errors.

Repository: ruvnet/ruflo (Reviewed)
