CtrlK
BlogDocsLog inGet started
Tessl Logo

auth-testing

Test OAuth2 token refresh and session expiry locally. Use when working on auth, tokens, SSO, OIDC, or session management features.

89

1.11x
Quality

Does it follow best practices?

Impact

100%

1.11x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable, well-structured skill body with concrete commands, exact config values, and clear sequenced test scenarios with observable checkpoints. Its main weaknesses are some redundant conceptual explanation and a monolithic single-file structure with no progressive disclosure via separate reference files.

Suggestions

Trim conceptual re-explanation Claude already knows (e.g., the 'Difference from token expiry' table and maxSessionDuration prose) to improve conciseness.

Move the Debugging and Related Files detail into a separate reference file referenced one level deep from SKILL.md to improve progressive disclosure.

Add an explicit success/validation checkpoint to each scenario (e.g., 'Confirm session_start cookie is set' / 'Confirm 401 + redirect occurs') to strengthen feedback loops.

DimensionReasoningScore

Conciseness

The body is mostly efficient (tables, exact ports, TTLs, cookie names), but sections like 'Difference from token expiry' and the maxSessionDuration prose re-explain OAuth/session concepts Claude already knows, so it could be tightened.

2 / 3

Actionability

It provides copy-paste-ready, fully executable guidance: exact commands (pnpm dev:with-auth), curl examples with URLs/ports/cookies, precise YAML/TypeScript config snippets, and concrete file paths.

3 / 3

Workflow Clarity

The three testing scenarios are clearly sequenced with numbered steps and explicit expected-behavior checkpoints ('Observe /auth/refresh request', 'should redirect to OIDC login page'), giving clear success signals even though the operations are non-destructive.

3 / 3

Progressive Disclosure

No bundle reference files exist, so all content lives in a single ~160-line monolithic document; it is well-organized into sections but content like debugging details and related files remains inline rather than split into one-level-deep references.

2 / 3

Total

10

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A well-constructed description that concisely states a concrete capability and pairs it with an explicit, naturally-worded 'Use when' trigger clause covering multiple relevant terms. The only minor weakness is specificity, which lists two actions rather than a broader set.

DimensionReasoningScore

Specificity

Names the auth-testing domain and two concrete actions ("Test OAuth2 token refresh and session expiry"), but stops at two rather than listing multiple specific actions, matching the 'names domain and some actions' anchor.

2 / 3

Completeness

It explicitly states what it does ('Test OAuth2 token refresh and session expiry locally') and when to use it ('Use when working on auth, tokens, SSO, OIDC, or session management features'), clearly answering both what and when.

3 / 3

Trigger Term Quality

The 'Use when working on auth, tokens, SSO, OIDC, or session management features' clause provides strong coverage of natural terms a user would actually say, matching the 'good coverage of natural terms' anchor.

3 / 3

Distinctiveness Conflict Risk

The narrow niche of local OAuth2 token-refresh and session-expiry testing with distinct trigger terms is unlikely to conflict with unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
temporalio/ui
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.