access-control-rbac

Role-based access control (RBAC) with permissions and policies. Use for admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, or encountering permission hierarchies, role inheritance, policy conflicts.

80

Quality: 75% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/access-control-rbac/skills/access-control-rbac/SKILL.md

Quality

Discovery

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description effectively identifies its niche (RBAC) and provides excellent trigger coverage with a clear 'Use for...' clause. Its main weakness is that it describes the domain and concepts rather than listing specific concrete actions the skill performs (e.g., 'create role hierarchies', 'resolve policy conflicts', 'generate permission matrices'). Adding action verbs would strengthen the specificity dimension.

Suggestions

Add concrete action verbs describing what the skill does, e.g., 'Implements role-based access control, creates permission hierarchies, resolves policy conflicts, and generates authorization middleware.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (RBAC) and mentions some concepts like 'permissions', 'policies', 'role inheritance', 'policy conflicts', but doesn't list concrete actions (e.g., 'create roles', 'assign permissions', 'resolve policy conflicts'). It describes the domain more than specific actions the skill performs. | 2 / 3 |
| Completeness | Clearly answers both 'what' (role-based access control with permissions and policies) and 'when' (explicit 'Use for...' clause listing admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, permission hierarchies, role inheritance, policy conflicts). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'RBAC', 'permissions', 'admin dashboards', 'enterprise access', 'multi-tenant apps', 'authorization', 'permission hierarchies', 'role inheritance', 'policy conflicts'. These cover a wide range of terms a user might naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | RBAC is a well-defined niche with distinct trigger terms like 'role inheritance', 'policy conflicts', 'permission hierarchies', and 'fine-grained authorization' that are unlikely to overlap with other skills. The specificity of the access control domain makes it clearly distinguishable. | 3 / 3 |

Total: 11 / 12

Passed

Implementation

60%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides solid, executable code examples for RBAC and ABAC patterns with good progressive disclosure to reference files. However, it lacks workflow guidance for actually implementing access control in a project—there are no steps for setup, testing, or validation, which is concerning for security-critical functionality. The access control models table and best practices section add tokens without adding much value for Claude.

Suggestions

Add a workflow section with clear steps for implementing RBAC in a project: 1) Define roles/permissions, 2) Implement middleware, 3) Test with specific scenarios, 4) Validate deny-by-default behavior, 5) Add audit logging

Include a validation/testing step showing how to verify permissions work correctly (e.g., a test script that checks expected allow/deny outcomes for each role)

Remove or significantly trim the access control models comparison table and best practices section—Claude already knows these concepts and the tokens would be better spent on implementation workflow

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is reasonably efficient but includes some unnecessary elements like the access control models comparison table (Claude already knows these models well) and the best practices section which is largely common knowledge. The code examples themselves are well-sized but the overall document could be tightened. | 2 / 3 |
| Actionability | The Node.js RBAC implementation and Python ABAC pattern are fully executable, copy-paste ready code with complete class definitions, middleware integration, and setup examples. The code is concrete and immediately usable. | 3 / 3 |
| Workflow Clarity | There is no workflow or sequencing for implementing access control. The skill presents code snippets and patterns but lacks any step-by-step process for setting up RBAC in a project, no validation checkpoints for testing permissions, and no guidance on verifying the system works correctly before deployment—critical for a security-sensitive domain. | 1 / 3 |
| Progressive Disclosure | The skill provides a clear overview with well-signaled one-level-deep references to python-abac.md and java-spring-security.md for detailed implementations. The main content stays focused on core patterns while pointing to supplementary files for language-specific details. | 3 / 3 |

Total: 9 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
secondsky/claude-skills
Reviewed
