claims
Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.
89
84%
Does it follow best practices?
Impact
97%
1.79xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly communicates its purpose and provides explicit trigger guidance with both 'Use when' and 'Skip when' clauses. The main weakness is that the capability actions (grant, revoke, verify) are somewhat generic and could benefit from more concrete specifics about what claims-based authorization entails in practice. Overall, it performs well on completeness and distinctiveness.
Suggestions
Add more specific concrete actions beyond 'grant, revoke, verify' — e.g., 'create permission claims, validate agent scopes, enforce role-based policies, audit authorization logs' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (claims-based authorization) and some actions (grant, revoke, verify permissions), but the actions are somewhat generic and don't describe concrete implementation details like specific claim types, token handling, or policy enforcement mechanisms. | 2 / 3 |
Completeness | Clearly answers both 'what' (claims-based authorization, grant/revoke/verify permissions for multi-agent coordination) and 'when' with explicit 'Use when' and 'Skip when' clauses listing specific trigger scenarios. | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms: 'permission management', 'access control', 'authorization checks', 'secure operations', 'multi-agent coordination'. These are terms users would naturally use when needing this capability. The 'Skip when' clause also helps disambiguate. | 3 / 3 |
Distinctiveness Conflict Risk | The combination of 'claims-based authorization', 'multi-agent coordination', and the specific 'Skip when' clause creates a clear niche that is unlikely to conflict with general security or authentication skills. The domain is well-scoped. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
79%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
A concise, well-structured reference for claims-based authorization with concrete CLI commands and useful tables. Its main weakness is the lack of a sequenced workflow showing how to properly set up and verify authorization for an agent, which is important for security-critical operations. The best practices section is generic and could be replaced with a concrete verification workflow.
Suggestions
Add a sequenced workflow example showing the full process: check existing claims → grant specific claims → verify grants succeeded → handle failures, especially since this involves security-critical operations.
Replace or augment the generic 'Best Practices' section with a concrete verification step (e.g., 'After granting, always verify: npx claude-flow claims check --agent agent-123 --claim write').
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and well-structured using tables for reference data. No unnecessary explanations of what authorization or claims are—it assumes Claude understands these concepts and jumps straight to the specifics. | 3 / 3 |
Actionability | Provides concrete, copy-paste ready CLI commands for all operations (check, grant, revoke, list) with realistic arguments. Scope patterns and security levels are specific and immediately usable. | 3 / 3 |
Workflow Clarity | Commands are listed individually but there's no sequenced workflow showing how to set up authorization for a new agent (e.g., check existing claims → grant needed claims → verify). No validation steps or feedback loops for verifying that grants/revocations succeeded, which matters for security-critical operations. | 2 / 3 |
Progressive Disclosure | Content is well-organized with clear sections and tables, but everything is inline in a single file. For a skill of this size it's borderline acceptable, but there's no reference to any external documentation for advanced topics like audit logging, claim inheritance, or conflict resolution. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/ruflo
- Commit
398f7c2
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.