Secure API authentication with JWT, OAuth 2.0, and API keys. Use for authentication systems, third-party integrations, service-to-service communication, or when encountering token management, security header, or auth flow errors.
96
93%
Does it follow best practices?
Impact
100%
1.42x
Average score across 3 eval scenarios
Passed
No known issues
JWT middleware and token generation
jsonwebtoken package: 100%, 100%
Access token payload: 50%, 100%
Access token expiry: 100%, 100%
JWT_SECRET env var: 0%, 100%
Refresh token fields: 0%, 100%
Refresh token expiry: 100%, 100%
REFRESH_SECRET env var: 50%, 100%
Bearer prefix check: 100%, 100%
Parts length check: 0%, 100%
Malformed header error: 50%, 100%
Invalid token error: 50%, 100%
Security headers: 62%, 100%
HttpOnly cookie guidance: 75%, 100%
No token in URLs: 100%, 100%
Flask JWT with role-based access
flask_jwt_extended package: 100%, 100%
JWT_SECRET_KEY env var: 100%, 100%
Access token expires config: 100%, 100%
Refresh token expires config: 50%, 100%
role_required decorator: 0%, 100%
403 insufficient permissions: 50%, 100%
Safe JSON parsing: 100%, 100%
Email/password validation: 100%, 100%
User-first credential check: 100%, 100%
Invalid credentials error: 50%, 100%
werkzeug password hashing: 0%, 100%
Role/email in token claims: 50%, 100%
requirements.txt: 100%, 100%
API key generation and validation
secrets.token_urlsafe(32): 0%, 100%
SHA-256 hashing: 100%, 100%
X-API-Key header: 100%, 100%
Active key filter: 100%, 100%
last_used timestamp update: 100%, 100%
401 missing key: 100%, 100%
401 invalid key: 100%, 100%
DB rollback on error: 40%, 100%
Error logged not exposed: 50%, 100%
No plain key stored: 100%, 100%
No plain key in logs: 100%, 100%
90d6bd7