access-control-rbac
Role-based access control (RBAC) with permissions and policies. Use for admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, or encountering permission hierarchies, role inheritance, policy conflicts.
Install with Tessl CLI
npx tessl i github:secondsky/claude-skills --skill access-control-rbacOverall
score
88%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent trigger term coverage and clear 'Use for...' guidance that makes it easy for Claude to know when to select this skill. The main weakness is that it describes the domain rather than specific actions Claude can perform with this skill. Adding concrete verbs like 'design', 'implement', or 'troubleshoot' would strengthen it.
Suggestions
Add specific action verbs to describe what the skill does, e.g., 'Design and implement role-based access control (RBAC) systems, resolve policy conflicts, configure permission hierarchies.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (RBAC) and mentions related concepts like 'permissions', 'policies', 'permission hierarchies', 'role inheritance', and 'policy conflicts', but doesn't list concrete actions (e.g., 'create roles', 'assign permissions', 'resolve conflicts'). | 2 / 3 |
Completeness | Clearly answers both what (RBAC with permissions and policies) and when (explicit 'Use for...' clause with multiple trigger scenarios including admin dashboards, enterprise access, multi-tenant apps, and specific RBAC concepts). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'admin dashboards', 'enterprise access', 'multi-tenant apps', 'fine-grained authorization', 'permission hierarchies', 'role inheritance', 'policy conflicts', and 'RBAC' itself. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on RBAC and authorization patterns with distinct triggers like 'role inheritance', 'policy conflicts', and 'fine-grained authorization' that are unlikely to conflict with general coding or database skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
87%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with excellent actionability and conciseness. The code examples are complete and executable, and the progressive disclosure is well-handled with clear references to language-specific implementations. The main weakness is the lack of explicit workflow guidance for implementing and validating access control systems in practice.
Suggestions
Add a brief implementation workflow section with steps like: 1) Define roles/permissions, 2) Test permission matrix, 3) Integrate middleware, 4) Verify with test cases
Include a validation checklist or testing approach for verifying permission configurations work as expected before deployment
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, presenting models in a table format and providing executable code without unnecessary explanation of basic concepts. Every section adds value without padding. | 3 / 3 |
Actionability | Provides fully executable Node.js and Python implementations with complete class definitions, middleware examples, and setup code. The code is copy-paste ready with clear usage patterns. | 3 / 3 |
Workflow Clarity | While the code examples are clear, there's no explicit workflow for implementing RBAC in a project - no validation steps, no guidance on testing permission configurations, and no error recovery patterns for permission conflicts. | 2 / 3 |
Progressive Disclosure | Excellent structure with a quick overview table, inline implementations for common cases, and clear one-level-deep references to detailed implementations (python-abac.md, java-spring-security.md) with descriptions of what each contains. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
75%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 12 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 12 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.