agent-authentication
Agent skill for authentication - invoke with $agent-authentication
42
11%
Does it follow best practices?
Impact
96%
2.23xAverage score across 3 eval scenarios
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agents/skills/agent-authentication/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is critically underspecified. It names only a broad domain ('authentication') without listing any concrete actions, natural trigger terms, or explicit guidance on when Claude should select this skill. It would be nearly impossible for Claude to reliably choose this skill over others in a multi-skill environment.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Generates authentication tokens, manages OAuth flows, handles login/logout, refreshes credentials.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about logging in, signing in, OAuth, API tokens, credentials, passwords, or session management.'
Remove or supplement the invocation syntax ('$agent-authentication') with descriptive content—invocation commands do not help Claude understand when to select the skill.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description says 'authentication' but provides no concrete actions—no mention of what authentication tasks it performs (e.g., login, token generation, OAuth flows, password reset). 'Agent skill for authentication' is extremely vague. | 1 / 3 |
Completeness | The description barely addresses 'what' (just 'authentication') and completely omits 'when' — there is no 'Use when...' clause or any explicit trigger guidance. | 1 / 3 |
Trigger Term Quality | The only keyword is 'authentication,' which is broad and technical. It lacks natural user terms like 'login,' 'sign in,' 'password,' 'OAuth,' 'token,' 'credentials,' or 'SSO.' The '$agent-authentication' invocation syntax is not a natural trigger term. | 1 / 3 |
Distinctiveness Conflict Risk | 'Authentication' is extremely broad and could overlap with any skill involving security, login, API keys, tokens, or user management. There is nothing to distinguish this skill's specific niche. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a persona prompt or role description than an actionable skill document. While the MCP tool signatures provide some concrete reference value, the majority of the content is generic guidance about security best practices and responsibilities that Claude already understands. The workflow section lacks the specificity and validation checkpoints needed for reliable authentication operations.
Suggestions
Remove the persona framing and generic responsibility lists; instead focus on the specific MCP tool API details, expected responses, and error codes that Claude wouldn't already know.
Add concrete workflow examples showing chained operations (e.g., register → verify email → login) with expected return values and explicit error handling at each step.
Include validation checkpoints in workflows, such as checking response status codes after login attempts and defining retry/fallback behavior for common failure modes.
Replace the 'Quality standards' section with a concise constraints block listing only non-obvious rules specific to this platform (e.g., rate limits, token expiry times, required fields).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is verbose and padded with unnecessary context. It explains Claude's role, responsibilities, and quality standards that Claude already knows (e.g., 'prioritize security, user experience,' 'handle errors gracefully,' 'follow GDPR best practices'). The persona framing ('You are a Flow Nexus Authentication Agent') and bullet-listed responsibilities add little actionable value. | 1 / 3 |
Actionability | The MCP tool examples with concrete function signatures and parameters are useful and somewhat actionable. However, they are presented more as a reference catalog than executable guidance—there's no indication of expected return values, error handling patterns, or how to chain these calls together in practice. | 2 / 3 |
Workflow Clarity | The 5-step workflow is generic and abstract ('Assess Requirements,' 'Execute Flow,' 'Validate Results') with no concrete validation checkpoints, error recovery loops, or specific commands. For authentication flows involving destructive/security-sensitive operations like password resets, the lack of explicit validation steps and feedback loops is a significant gap. | 1 / 3 |
Progressive Disclosure | The content is organized into sections (toolkit, workflow, scenarios, quality standards), which provides some structure. However, it's a monolithic file with no references to external documentation, and content like the full list of common scenarios and quality standards could be trimmed or separated. For a skill with no bundle files, the inline organization is adequate but not optimal. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/ruflo
- Commit
619b263
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.