Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.
42
28%: Does it follow best practices?
Impact: Pending. No eval scenarios have been run.
Passed: No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./skills/auth-implementation-patterns/SKILL.md`
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description reads like a marketing tagline rather than a functional skill description. It relies heavily on buzzwords ('secure', 'scalable', 'industry-standard', 'modern best practices') without specifying concrete actions or providing any trigger guidance for when Claude should select this skill. The core domain of auth is identifiable but insufficiently detailed.
Suggestions
- Add a 'Use when...' clause with explicit trigger terms like 'login', 'sign-in', 'OAuth', 'JWT', 'SSO', 'password reset', 'permissions', 'roles', 'RBAC', 'session management'.
- Replace vague phrases like 'industry-standard patterns and modern best practices' with specific actions such as 'Implements OAuth 2.0 flows, configures JWT-based sessions, sets up role-based access control, integrates SSO providers'.
- Remove marketing-style adjectives ('secure', 'scalable') and instead describe the concrete capabilities that make the outputs secure and scalable.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague, buzzword-heavy language like 'secure, scalable', 'industry-standard patterns', and 'modern best practices' without listing any concrete actions. It doesn't specify what actions are performed (e.g., implement OAuth flows, configure JWT tokens, set up RBAC). | 1 / 3 |
| Completeness | The 'what' is vaguely stated as 'build authentication and authorization systems' without specifics, and there is no 'when' clause or explicit trigger guidance at all. The missing 'Use when...' clause would cap this at 2 regardless, but the weak 'what' brings it to 1. | 1 / 3 |
| Trigger Term Quality | It includes 'authentication' and 'authorization' which are natural terms users would say, but misses common variations like 'login', 'sign-in', 'OAuth', 'JWT', 'SSO', 'password', 'permissions', 'roles', 'RBAC', 'session management'. | 2 / 3 |
| Distinctiveness Conflict Risk | The auth domain is somewhat specific, but 'build secure, scalable systems' is generic enough to overlap with security-focused skills, API development skills, or general backend development skills. The lack of concrete scope boundaries increases conflict risk. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a thin shell that defers nearly all substantive content to an external playbook without providing any concrete, actionable guidance in the main file. The instructions read as a high-level checklist of abstract planning steps rather than executable guidance with code examples, specific commands, or concrete patterns. For a security-critical domain like authentication and authorization, the absence of validation steps, concrete code, and specific implementation patterns is a significant weakness.
Suggestions
- Add at least one concrete, executable code example (e.g., JWT token generation/validation, session middleware setup, or password hashing) directly in the SKILL.md to make it actionable without requiring the external playbook.
- Replace the abstract instruction bullets ('Define users, tenants, flows...') with specific, step-by-step guidance that includes validation checkpoints (e.g., 'Verify token expiry is set; test with expired token to confirm rejection').
- Include a minimal but concrete example of at least one auth pattern (e.g., a JWT middleware snippet or an RBAC policy check) so the skill provides immediate value.
- Add explicit security validation steps such as 'Test that credentials are not present in logs' or 'Verify HTTPS enforcement' to improve workflow clarity for this security-sensitive domain.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Reasonably concise but the 'Use this skill when' and 'Do not use this skill when' sections add moderate overhead without providing actionable implementation guidance. The instructions themselves are brief but vague. | 2 / 3 |
| Actionability | The instructions are entirely abstract ('Define users, tenants, flows...', 'Choose auth strategy...') with no concrete code, commands, specific examples, or executable guidance. Everything is described rather than instructed. | 1 / 3 |
| Workflow Clarity | There is a rough sequence (define → choose → design → plan → open playbook), but no validation checkpoints, no feedback loops, and no concrete steps. For a security-sensitive domain involving credential storage and token management, the lack of verification steps is a significant gap. | 2 / 3 |
| Progressive Disclosure | There is a reference to `resources/implementation-playbook.md` for detailed patterns, which is good one-level-deep disclosure. However, the SKILL.md itself provides almost no substantive content as an overview—it's too thin to serve as a useful entry point, essentially just deferring everything to the playbook. | 2 / 3 |
| Total | 7 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
d739c8b