auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing A...
Install with Tessl CLI
npx tessl i github:sickn33/antigravity-awesome-skills --skill auth-implementation-patterns71
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillAgent success when using this skill
Validation for skill structure
Discovery
72%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description effectively identifies its authentication/authorization niche with good technical trigger terms that developers would naturally use. However, it suffers from truncation that cuts off the 'Use when' clause, and the capability description leans toward outcomes ('build secure systems') rather than specific actions Claude would perform.
Suggestions
Complete the truncated 'Use when...' clause with full trigger scenarios (e.g., 'Use when implementing login systems, validating tokens, setting up OAuth flows, or configuring role-based permissions')
Replace vague outcome language with specific actions: instead of 'build secure, scalable access control systems', use 'generate JWT tokens, configure OAuth2 flows, implement session validation, define role hierarchies'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (authentication/authorization) and lists specific technologies (JWT, OAuth2, session management, RBAC), but uses vague outcome language ('build secure, scalable access control systems') rather than concrete actions like 'validate tokens' or 'implement role checks'. | 2 / 3 |
Completeness | Has a partial 'Use when...' clause ('Use when implementing auth systems, securing A...') but it's truncated and incomplete. The 'what' is reasonably covered but the 'when' guidance is cut off, preventing full evaluation of trigger scenarios. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'authentication', 'authorization', 'JWT', 'OAuth2', 'session management', 'RBAC', 'auth systems'. These are terms developers commonly use when seeking help with access control. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on authentication/authorization patterns with distinct technical terms (JWT, OAuth2, RBAC). Unlikely to conflict with general coding skills or other security-related skills due to specific auth focus. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is well-structured and concise but critically lacks actionable content. It reads more like a table of contents or checklist than a skill that teaches Claude how to implement authentication systems. The heavy reliance on an external playbook file means the SKILL.md itself provides almost no executable guidance.
Suggestions
Add at least one concrete, executable code example for a common auth pattern (e.g., JWT validation middleware or session setup)
Include specific commands or code snippets for key steps like 'Choose auth strategy' - show what each choice looks like in practice
Add validation/verification steps to the workflow, such as 'Test token expiration handling' or 'Verify RBAC rules with test cases'
Provide a minimal working example that doesn't require opening the external playbook for basic auth implementation
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of concepts Claude already knows. Every section serves a clear purpose without padding or verbose descriptions. | 3 / 3 |
Actionability | The skill provides only abstract guidance ('Choose auth strategy', 'Design authorization model') without any concrete code, commands, or executable examples. It describes what to do conceptually but not how to do it. | 1 / 3 |
Workflow Clarity | Steps are listed in a logical sequence but lack validation checkpoints or feedback loops. For security-critical operations like auth implementation, there's no mention of testing, verification, or error recovery steps. | 2 / 3 |
Progressive Disclosure | Clear overview structure with well-signaled one-level-deep reference to the implementation playbook. Content is appropriately split between the overview and detailed resource file. | 3 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.