claims
Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.
89
84%
Does it follow best practices?
Impact
97%
1.79xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description that effectively communicates its purpose and includes both 'Use when' and 'Skip when' clauses for clear selection guidance. The trigger terms are natural and relevant. The main weakness is that the capability descriptions could be more concrete—listing specific actions like 'grant, revoke, and verify permissions' is good but somewhat generic for an authorization system.
Suggestions
Add more specific concrete actions such as 'create permission claims, validate claim tokens, manage role hierarchies, audit permission chains' to increase specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (claims-based authorization) and some actions (grant, revoke, verify permissions), but the actions are somewhat generic and don't describe concrete implementation details like specific claim types, token handling, or policy enforcement mechanisms. | 2 / 3 |
Completeness | Clearly answers both 'what' (claims-based authorization, grant/revoke/verify permissions for multi-agent coordination) and 'when' with explicit 'Use when' and 'Skip when' clauses listing specific trigger scenarios. | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms: 'permission management', 'access control', 'authorization checks', 'secure operations', 'multi-agent coordination'. These are terms users would naturally use when needing this capability. The 'Skip when' clause also helps disambiguate. | 3 / 3 |
Distinctiveness Conflict Risk | The combination of 'claims-based authorization', 'multi-agent coordination', and the specific 'Skip when' clause creates a clear niche that is unlikely to conflict with general security or authentication skills. The domain is well-scoped. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
79%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a clean, concise reference skill with strong actionability through concrete CLI commands and well-organized tables. Its main weakness is the lack of a sequenced workflow showing how to properly set up and verify authorization for an agent, which is important for a security-sensitive operation. The best practices section is generic and could be more actionable.
Suggestions
Add a sequenced workflow section showing the typical authorization setup process (e.g., 1. Check existing claims → 2. Grant needed claims → 3. Verify with check command → 4. If incorrect, revoke and re-grant)
Make the 'Best Practices' section more actionable with specific commands, e.g., show how to audit claim usage or demonstrate scoping claims narrowly with a before/after example
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and well-structured using tables for reference data. No unnecessary explanations of what authorization or claims are—it assumes Claude understands these concepts and jumps straight to the specifics. | 3 / 3 |
Actionability | Provides concrete, copy-paste-ready CLI commands for all operations (check, grant, revoke, list) with realistic arguments. Scope patterns and security levels are specific and immediately usable. | 3 / 3 |
Workflow Clarity | Commands are listed individually but there's no sequenced workflow showing how to set up authorization for a new agent (e.g., check existing claims → grant needed claims → verify). For a security-related skill involving access control, a validation/verification step (e.g., confirm grant succeeded, audit after revocation) would be expected but is missing. | 2 / 3 |
Progressive Disclosure | Content is well-organized with clear sections and tables, but everything is inline in a single file. For a skill of this scope, this is borderline acceptable, but the 'Best Practices' and 'Security Levels' sections could benefit from links to more detailed guidance (e.g., audit procedures, security level configuration). | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- ruvnet/ruflo
- Commit
0f7c750
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.