api-authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
Install with Tessl CLI
npx tessl i github:secondsky/claude-skills --skill api-authenticationOverall
score
92%
Does it follow best practices?
Validation for skill structure
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope around API authentication technologies and provides explicit trigger conditions. It uses third person voice correctly, lists specific technologies and scenarios, and includes both common terms (authentication, API keys) and technical terms (JWT, OAuth 2.0) that users would naturally mention.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and technologies: 'JWT, OAuth 2.0, API keys' and specific use cases like 'token management, security headers, auth flow errors'. | 3 / 3 |
Completeness | Clearly answers both what ('Secure API authentication with JWT, OAuth 2.0, API keys') and when ('Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors'). | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'authentication', 'JWT', 'OAuth', 'API keys', 'token management', 'security headers', 'auth flow errors', 'third-party integrations'. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused on API authentication specifically with distinct triggers like JWT, OAuth 2.0, and auth-specific error handling that wouldn't overlap with general security or API skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
87%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise skill that provides actionable code examples for API authentication. The content efficiently covers JWT implementation with security best practices. The main weakness is the lack of an explicit workflow showing how to implement and validate authentication step-by-step.
Suggestions
Add a numbered workflow section showing the sequence for implementing auth (e.g., 1. Set up secrets, 2. Implement token generation, 3. Add middleware, 4. Test with curl command, 5. Verify token rejection)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, presenting information in tables and code blocks without explaining concepts Claude already knows. No unnecessary preamble about what JWT or OAuth are. | 3 / 3 |
Actionability | Provides fully executable Node.js code for JWT token generation and middleware, complete with error handling. The security headers example is also copy-paste ready. | 3 / 3 |
Workflow Clarity | While the code examples are clear, there's no explicit workflow sequence for implementing authentication end-to-end. Missing validation checkpoints for testing the auth setup or verifying tokens work correctly before deployment. | 2 / 3 |
Progressive Disclosure | Clear structure with a quick reference table, main implementation inline, and additional implementations properly delegated to a referenced file with clear description of what it contains. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
75%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 12 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 12 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.