claims
Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.
89
84%
Does it follow best practices?
Impact
97%
1.79xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description with strong completeness due to explicit 'Use when' and 'Skip when' clauses. The trigger terms are natural and well-chosen, and the claims-based authorization focus creates good distinctiveness. The main weakness is that the specific capabilities (grant, revoke, verify) could be more detailed about what exactly is being managed (e.g., claim types, policy formats, token structures).
Suggestions
Add more concrete action details such as 'manage claim tokens, evaluate permission policies, audit access logs' to strengthen specificity beyond the generic grant/revoke/verify pattern.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (claims-based authorization) and some actions (grant, revoke, verify permissions), but the actions are somewhat generic and don't describe concrete implementation details like specific claim types, token handling, or policy evaluation. | 2 / 3 |
Completeness | Clearly answers both 'what' (claims-based authorization, grant/revoke/verify permissions for multi-agent coordination) and 'when' with explicit 'Use when' and 'Skip when' clauses providing clear trigger and exclusion guidance. | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms: 'permission management', 'access control', 'authorization checks', 'secure operations', 'multi-agent coordination'. These are terms users would naturally use when needing this capability. Also includes helpful 'Skip when' terms to reduce false positives. | 3 / 3 |
Distinctiveness Conflict Risk | The combination of 'claims-based authorization', 'multi-agent coordination', and the specific 'Skip when' clause creates a clear niche. The focus on agent-level permissions and claims-based model distinguishes it well from general security or authentication skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
79%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a clean, concise reference for claims-based authorization with good actionability through concrete CLI commands and well-organized tables. Its main weakness is the lack of a sequenced workflow showing how to properly set up and verify authorization for an agent, which is important for security-sensitive operations. The best practices section is generic and could be replaced with a concrete verification workflow.
Suggestions
Add a sequenced workflow showing the typical authorization setup process: check existing claims → grant needed claims → verify grants → handle failures, with explicit validation steps.
Include error handling guidance: what output to expect when a claim check fails, how to verify a grant took effect, and what to do when authorization is denied during an operation.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and well-structured with tables for quick reference. No unnecessary explanations of what authorization or claims are—it assumes Claude understands these concepts and jumps straight to the specifics. | 3 / 3 |
Actionability | Provides fully executable CLI commands for all operations (check, grant, revoke, list) with concrete flags and example values. Scope patterns and security levels are specific and immediately usable. | 3 / 3 |
Workflow Clarity | Commands are listed individually but there's no sequenced workflow showing how to set up authorization for a new agent (e.g., check existing claims → grant needed claims → verify). For security-sensitive operations, there are no validation checkpoints or error handling guidance (e.g., what happens if a claim check fails, how to verify grants took effect). | 2 / 3 |
Progressive Disclosure | Content is well-organized with clear sections and tables, but everything is inline in a single file. For a skill of this size it's borderline acceptable, but there are no references to deeper documentation for topics like audit procedures, security level configuration, or advanced scope patterns that could benefit from separate files. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/ruflo
- Commit
619b263
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.