claims

Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.

1.79x

Quality

84%

Does it follow best practices?

Impact

97%

1.79x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Quality

Content

79%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, concise reference skill that provides actionable CLI commands and clear categorization of claim types, scopes, and security levels. Its main weakness is the lack of a sequenced workflow showing how to properly set up and verify authorization for an agent, which is important for security-sensitive operations. The best practices section is generic and could be more actionable.

Suggestions

Add a workflow section showing the typical sequence: check existing claims → grant with scope → verify grant succeeded → monitor/audit, with explicit validation steps after granting or revoking claims.

Make the best practices section more actionable with concrete examples, e.g., show a 'before' (overly broad) vs 'after' (properly scoped) claim grant command.

Dimension	Reasoning	Score
Conciseness	The content is lean and well-structured with tables for quick reference. No unnecessary explanations of what authorization or claims are—it assumes Claude understands these concepts and jumps straight to the specifics.	3 / 3
Actionability	Provides fully executable CLI commands for all operations (check, grant, revoke, list) with concrete flags and example values. Scope patterns and security levels are specific and immediately usable.	3 / 3
Workflow Clarity	While individual commands are clear, there's no sequenced workflow showing how to set up authorization for a new agent (e.g., check existing claims → grant needed claims → verify → proceed). For security-sensitive operations, missing validation/verification steps (e.g., confirming a grant succeeded, checking before revoking) is a notable gap.	2 / 3
Progressive Disclosure	Content is well-organized with clear sections and tables, but everything is inline in a single file. For a skill with multiple concerns (claim types, scope patterns, security levels, best practices), some content could be split out or at least referenced. However, given no bundle files exist, the inline approach is reasonable but not optimal.	2 / 3
	Total	10 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-structured skill description that effectively communicates its purpose and includes both 'Use when' and 'Skip when' clauses for clear selection guidance. The trigger terms are natural and relevant. The main weakness is that the capability descriptions could be more concrete—listing specific actions like 'grant, revoke, and verify permissions' is good but somewhat generic for an authorization system.

Suggestions

Add more specific concrete actions such as 'create permission claims, validate claim tokens, manage role hierarchies, audit permission chains' to strengthen specificity.

Dimension	Reasoning	Score
Specificity	Names the domain (claims-based authorization) and some actions (grant, revoke, verify permissions), but the actions are somewhat generic and don't describe concrete implementation details like specific claim types, token handling, or policy enforcement mechanisms.	2 / 3
Completeness	Clearly answers both 'what' (claims-based authorization, grant/revoke/verify permissions for multi-agent coordination) and 'when' with explicit 'Use when' and 'Skip when' clauses listing specific trigger scenarios.	3 / 3
Trigger Term Quality	Includes strong natural trigger terms: 'permission management', 'access control', 'authorization checks', 'secure operations', 'multi-agent coordination'. These are terms users would naturally use when needing this capability. The 'Skip when' clause also helps disambiguate.	3 / 3
Distinctiveness Conflict Risk	The combination of 'claims-based authorization', 'multi-agent coordination', and the specific 'Skip when' clause creates a clear niche that is unlikely to conflict with general security or authentication skills. The domain is well-scoped.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: ruvnet/ruflo
Commit: 28c81c0

Reviewed: about 22 hours ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.