BeClaude

agentic-auth

GitHub Trending | Documentation | by grAIcetech

Ensures every new app, API, or SaaS product includes auth.md support for AI agent authentication. Triggers whenever a new application is being built — on phrases like "new app", "build an app", "create a project", "start a new product", "scaffold", "deploy", "spin up a service", "create an API", "build a SaaS", "new web app", "create a REST API", "build a tool", "launch a product", or whenever Claude detects that a new application, API, service, or product is being created. Also triggers on "auth.md", "agent auth", "agentic auth", "agent registration", "agent-friendly", or "agent-ready". Does NOT trigger for non-application content like blog posts, documents, presentations, spreadsheets, designs, or research tasks.

Community Plugin

Overview

Agentic Auth — auth.md Support for Every New App

Why This Skill Exists

AI agents are becoming users of software. Most apps only authenticate humans — but agents need to register, get scoped credentials, and act on behalf of users too. auth.md is an open protocol by WorkOS (MIT licensed) that standardizes how agents register with applications. It's like robots.txt but for agent authentication.

By using this skill, every product Mj builds is agent-ready from day one. This is a standing protocol: always ask about auth.md when a new app is being created, just like asking about a README or LICENSE.

When This Skill Triggers

This skill activates when Mj is building something new that could accept agent users:

  • New web apps, APIs, SaaS products, services, tools, or platforms
  • Scaffolding or deploying a new project that serves an API
  • Any product that has endpoints agents might want to call

It does NOT trigger for:

  • Blog posts, documents, presentations, or other content
  • Scripts or tools meant for personal/local use only
  • Modifications to existing apps (unless adding auth.md specifically)

What to Do When Triggered

Step 1: Ask the Question

Before scaffolding, always ask:

"Should this app support agentic authentication? auth.md is an open protocol that lets AI agents (like Claude, GPT, Cursor) register and use your service on behalf of users. It's adopted by Cloudflare, Firecrawl, Resend, and others. Adding it makes your app agent-ready from day one."

If the user says no, note it and continue with the build. Don't push.

If the user says yes (or says something like "sure", "yeah", "of course"), proceed to Step 2.

Step 2: Gather Project Details

Ask for (or infer from context) these details to fill in the auth.md template:

  1. Service name — What's the app called?
  2. Domain — Where will it be hosted? (e.g., myapp.graice.ai)
  3. Description — One-line description of what the service does
  4. Scopes — What permissions should agents have? (e.g., read data, write data, manage users). If unsure, default to api.read and api.write.
  5. Which flows to support — Both agent verified (ID-JAG) and user claimed (OTP) are recommended. For simpler apps, user claimed alone is fine since it doesn't require agent provider integration.
  6. Credential type — api_key (simpler, non-expiring) or access_token (more secure, expires). For most of Mj's products, api_key is the right default.

If the user hasn't thought about these yet, suggest sensible defaults based on the project. Most of Mj's apps will want:

  • Both flows supported
  • api_key credential type
  • api.read and api.write scopes as a starting point

Step 3: Generate the auth.md File

Read the template at templates/auth.md.template within this skill's directory.

Fill in all {{PLACEHOLDER}} values with the project-specific details gathered in Step 2. Place the generated auth.md file at the project root — it should be served at https://yourdomain.com/auth.md in production.

Step 4: Add Integration Guidance

After generating the auth.md file, provide a brief integration checklist for the project:

Endpoints to implement:

  • POST /agent/auth — Registration endpoint (dispatches on type field)
  • POST /agent/auth/claim — Start OTP claim (user claimed flow)
  • POST /agent/auth/claim/complete — Finish OTP claim
  • POST /agent/auth/revoke — Accept provider logout tokens (agent verified flow only)

Discovery documents to serve:

  • /.well-known/oauth-protected-resource — Protected Resource Metadata
  • /.well-known/oauth-authorization-server — Authorization Server metadata with agent_auth block

401 responses should include:

WWW-Authenticate: Bearer resource_metadata="https://api.yourdomain.com/.well-known/oauth-protected-resource"

Security reminders:

  • Store only SHA-256 hashes of claim tokens and OTPs
  • Use CSPRNG for OTP generation, 10-minute TTL max
  • Rate limit: 5/hr anonymous, 60/hr identity_assertion per IP
  • Cache jti values for replay protection on ID-JAG flows
  • Never hardcode secrets — use .env files (per Mj's standing rules)
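
The first four reminders above, as an added Python sketch (not code from this skill or from the auth.md project). The class names, the 6-digit OTP, the in-memory dictionaries, consuming a claim on its first verification attempt, and keying the replay cache on the assertion's JWT exp claim are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

OTP_TTL = 600  # seconds; the checklist's 10-minute maximum
HOURLY_LIMIT = {"anonymous": 5, "identity_assertion": 60}  # registrations per IP

def sha256_hex(value):
    return hashlib.sha256(value.encode()).hexdigest()

class ClaimStore:
    """Persists only SHA-256 digests of OTPs (claim tokens work the same way)."""
    def __init__(self):
        self.rows = {}  # claim_id -> (otp_digest, expires_at)
    def issue(self, claim_id, now):
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG-backed, 6 digits assumed
        self.rows[claim_id] = (sha256_hex(otp), now + OTP_TTL)
        return otp  # delivered to the user out of band, never stored

    def verify(self, claim_id, otp, now):
        # Assumption of this sketch: a claim is consumed by its first attempt.
        digest, expires_at = self.rows.pop(claim_id, ("", 0))
        return now <= expires_at and hmac.compare_digest(digest, sha256_hex(otp))

class JtiCache:
    """Rejects an ID-JAG assertion whose jti was already seen before its exp."""
    def __init__(self):
        self.seen = {}  # jti -> exp
    def first_use(self, jti, exp, now):
        self.seen = {j: e for j, e in self.seen.items() if e > now}  # evict expired
        if exp <= now or jti in self.seen:
            return False
        self.seen[jti] = exp
        return True

class RateLimiter:
    """Sliding one-hour window per (IP, registration type)."""
    def __init__(self):
        self.hits = defaultdict(deque)
    def allow(self, ip, kind, now):
        window = self.hits[(ip, kind)]
        while window and window[0] <= now - 3600:
            window.popleft()
        if len(window) >= HOURLY_LIMIT[kind]:
            return False
        window.append(now)
        return True
```

In a deployed service the three stores would sit in a shared database or cache rather than process memory, so that limits and replay checks hold across instances.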

Step 5: Reference Material

If the user wants to dive deeper into the protocol, point them to:

  • Full spec reference: Read references/auth-md-spec.md in this skill's directory
  • Official docs: https://workos.com/auth-md/docs
  • GitHub repo: https://github.com/workos/auth.md
  • Example auth.md: https://github.com/workos/auth.md/blob/main/AUTH.md
  • Source video: https://youtu.be/Dqp_b8GHLXU (Michael Grinich, MCP Night keynote)

Protocol Quick Reference

For a comprehensive reference on the auth.md protocol — including the three roles (agent, agent provider, service), both flows (agent verified and user claimed), discovery documents, credential types, error codes, and security considerations — read references/auth-md-spec.md in this skill's directory. That file contains everything needed to implement auth.md correctly.

Install & Usage

  1. Create the skills directory:
     mkdir -p .claude/skills
  2. Download the skill file:
     mkdir -p .claude/skills && curl -o .claude/skills/agentic-auth.md https://raw.githubusercontent.com/grAIcetech/agentic-auth/main/SKILL.md
  3. Invoke in Claude Code:
     /agentic-auth

Frequently Asked Questions

How to install agentic-auth?

To install agentic-auth, create the .claude/skills directory in your project, then run the curl command to download the skill file. Once installed, invoke it in Claude Code with /agentic-auth.

What is agentic-auth best for?

agentic-auth is a community plugin categorized under Documentation. It is designed for: deployment, documentation, api, design, agent. Created by grAIcetech.