api-authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
96
93%
Does it follow best practices?
Impact
100%
1.42xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope around API authentication technologies and provides explicit trigger conditions. It uses third person voice correctly, lists specific technologies and scenarios, and includes both common terms (authentication, API keys) and technical terms (JWT, OAuth 2.0) that users would naturally mention.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and technologies: 'JWT, OAuth 2.0, API keys' and specific use cases like 'token management, security headers, auth flow errors'. | 3 / 3 |
Completeness | Clearly answers both what ('Secure API authentication with JWT, OAuth 2.0, API keys') and when ('Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors'). | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'authentication', 'JWT', 'OAuth', 'API keys', 'token management', 'security headers', 'auth flow errors', 'third-party integrations'. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused on API authentication specifically with distinct triggers like JWT, OAuth 2.0, and auth-specific error handling that wouldn't overlap with general security or API skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
87%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise skill that provides actionable code examples for JWT authentication. The content efficiently uses tables for quick reference and includes security best practices. The main weakness is the lack of an explicit implementation workflow with validation steps to verify the authentication is working correctly.
Suggestions
Add a brief workflow section showing the sequence: 1) Set up secrets, 2) Implement token generation, 3) Add middleware, 4) Test with curl/Postman to verify tokens work
Include a simple validation step or test command to verify the JWT implementation is working correctly before deploying
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, presenting information in tables and code blocks without explaining concepts Claude already knows. No unnecessary preamble about what JWT or OAuth are. | 3 / 3 |
Actionability | Provides fully executable Node.js code for JWT token generation and middleware, complete with proper error handling. The security headers example is also copy-paste ready. | 3 / 3 |
Workflow Clarity | While the code examples are clear, there's no explicit workflow sequence for implementing authentication end-to-end. Missing validation checkpoints for testing the auth setup or verifying tokens are working correctly. | 2 / 3 |
Progressive Disclosure | Clean structure with a quick reference table, focused Node.js implementation in the main file, and clear one-level-deep reference to Python/Flask implementations in a separate file. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- secondsky/claude-skills
- Commit
90d6bd7
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.