session-management
Implements secure session management with JWT tokens, Redis storage, refresh flows, and proper cookie configuration. Use when building authentication systems, managing user sessions, or implementing secure logout functionality.
93
89%
Does it follow best practices?
Impact
97%
1.97xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific technical capabilities (JWT, Redis, refresh flows, cookies), uses natural developer terminology, explicitly states both what it does and when to use it, and carves out a distinct niche in session/authentication management.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'JWT tokens, Redis storage, refresh flows, and proper cookie configuration' - these are distinct, actionable capabilities rather than vague language. | 3 / 3 |
Completeness | Clearly answers both what ('Implements secure session management with JWT tokens, Redis storage, refresh flows, and proper cookie configuration') AND when ('Use when building authentication systems, managing user sessions, or implementing secure logout functionality'). | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'authentication systems', 'user sessions', 'secure logout', 'JWT tokens', 'session management' - good coverage of terms developers naturally use when needing this functionality. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused on session management with specific technologies (JWT, Redis) and use cases (authentication, sessions, logout) - unlikely to conflict with general coding skills or other auth-adjacent skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
79%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable skill with excellent code examples that are immediately usable. The main weaknesses are the lack of explicit workflow sequencing showing how the components integrate together, and missing validation checkpoints for security-critical operations like token verification on every request.
Suggestions
Add a workflow section showing the complete authentication flow: login -> token generation -> storage -> validation -> refresh -> logout sequence with explicit validation checkpoints
Include a validation step example showing how to verify tokens on every request, as mentioned in Security Requirements but not demonstrated in code
Consider adding error recovery guidance for common failure scenarios (expired tokens, Redis connection failures, invalid signatures)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, providing only executable code examples without explaining what JWTs are or how Redis works. Every section delivers actionable code without unnecessary preamble. | 3 / 3 |
Actionability | All code examples are fully executable JavaScript with proper imports, complete function implementations, and realistic configurations. The cookie settings, Redis operations, and token refresh flow are copy-paste ready. | 3 / 3 |
Workflow Clarity | While individual components are clear, there's no explicit sequence showing how these pieces connect (e.g., when to use Redis sessions vs JWT, validation checkpoints for token operations). The refresh flow lacks error recovery guidance beyond the catch block. | 2 / 3 |
Progressive Disclosure | Content is well-organized into logical sections, but everything is inline in one file. For a skill of this complexity, separating the security requirements into a reference doc or providing links to detailed token validation patterns would improve navigation. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- secondsky/claude-skills
- Commit
90d6bd7
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.