auth-implementation-patterns

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

Quality

—

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

57%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is well-structured with good progressive disclosure pointing to a real reference file, but it spends tokens explaining basic concepts Claude already knows and offers no executable code or sequenced workflow with validation in the body itself.

Suggestions

Trim or remove the 'Authentication vs Authorization' definitions and the session/token/OAuth2 strategy bullets — Claude already knows these; keep only the non-obvious implementation guidance.

Add at least one minimal executable snippet (e.g., a bcrypt hashing or JWT verification call) directly in the body so the skill is actionable without always opening the reference.

If the skill is meant to guide implementation, add a short sequenced workflow with a validation checkpoint (e.g., verify token validation middleware before shipping) to raise workflow clarity.

Dimension	Reasoning	Score
Conciseness	The body is mostly lean, but sections like 'Authentication vs Authorization' ('Who are you?', 'Verifying identity') and the session/token/OAuth2 strategy bullets re-explain concepts Claude already knows, so it is not fully token-efficient.	2 / 3
Actionability	Guidance is concrete-ish ('hash with bcrypt/argon2', 'httpOnly, secure, sameSite flags', '15-30 minutes max') but the body contains no executable code or commands — those live in the reference — so it describes rather than provides copy-paste-ready instruction.	2 / 3
Workflow Clarity	The content is a concept and best-practice reference rather than a sequenced multi-step workflow; steps are listed (best practices, pitfalls) but there are no explicit validation checkpoints or feedback loops, which caps clarity at 2.	2 / 3
Progressive Disclosure	SKILL.md is a concise overview that delegates detailed patterns to a clearly signaled, one-level-deep reference (references/details.md, verified to exist), with the body split appropriately for easy navigation.	3 / 3
	Total	9 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: it lists concrete capabilities, includes natural trigger terms, explicitly covers both 'what' and 'when', and occupies a distinct niche. It is written in third person with no fluff.

Dimension	Reasoning	Score
Specificity	Names multiple concrete capabilities — 'JWT, OAuth2, session management, and RBAC' and 'build secure, scalable access control systems' — matching the anchor for listing several specific actions.	3 / 3
Completeness	Explicitly answers both what ('Master authentication and authorization patterns including JWT, OAuth2...') and when via an explicit 'Use when implementing auth systems, securing APIs, or debugging security issues' trigger clause.	3 / 3
Trigger Term Quality	Uses natural terms a user would say — 'auth systems', 'securing APIs', 'debugging security issues', 'OAuth2', 'JWT', 'session management' — giving good coverage of common phrasings.	3 / 3
Distinctiveness Conflict Risk	Occupies a clear niche (auth/authorization implementation patterns) with distinct triggers unlikely to fire for unrelated skills; not generic enough to conflict broadly.	3 / 3
	Total	12 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository: wshobson/agents
Commit: 5cc2549

Reviewed: about 4 hours ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.