create-auth-skill

by better-auth

create-auth-skill helps add Better Auth to JS or TS apps with a planning-first workflow. It scans your repo, detects framework and database signals, asks structured setup questions, then guides route wiring, providers, auth pages, and migration-safe implementation.

Stars162

Favorites0

Comments0

AddedMar 30, 2026

CategoryAccess Control

Install Command

npx skills add https://github.com/better-auth/skills --skill create-auth

Curation Score

This skill scores 78/100, which means it is a solid directory listing candidate for agents adding authentication with Better Auth, though users should expect documentation-led execution rather than a fully self-contained install workflow. The repository evidence shows real workflow substance: it tells the agent when to use the skill, requires a planning phase, instructs codebase scanning for framework/database/package-manager signals, and guides auth setup tasks like adapters, route handlers, OAuth providers, and UI pages. That gives agents more structure and less guesswork than a generic prompt, but the lack of bundled install commands, support files, or local reference materials limits operational completeness.

78/100

Strengths

Strong triggerability: frontmatter clearly scopes the skill to adding login/sign-up/authentication to JS/TS apps with Better Auth.
Good operational structure: the skill requires a planning phase, codebase scanning, and a single structured question pass before implementation.
Material agent leverage: it covers framework detection, database/ORM detection, existing auth detection, and implementation areas like adapters, route handlers, providers, and auth pages.

Cautions

Execution depends on external docs for code examples and syntax, so the skill is not fully self-contained for installation decisions.
No install command or support files are included, which may leave agents to infer package setup and exact implementation details from surrounding project context.

Better Auth Auth Oauth2 Jwt Mfa Two Factor Authentication TypeScript JavaScript

Overview

Overview of create-auth-skill skill

What create-auth-skill does

The create-auth-skill is an implementation guide for adding authentication to TypeScript or JavaScript apps with Better Auth. It is built for real setup work, not just theory: it helps an agent detect the app framework, infer the database stack, choose an adapter, wire auth routes, add providers, and scaffold sign-in or sign-up flows.

Who should use create-auth-skill

This create-auth-skill is best for developers who already know they want Better Auth, or who want an AI agent to handle the repetitive parts of auth setup with less guessing. It fits new apps and existing codebases, especially when you need login, sessions, OAuth, and auth pages without manually mapping every integration step.

The real job to be done

Most users are not looking for “an auth tutorial.” They want a working auth baseline that matches their actual stack. The value of create-auth-skill for Access Control is that it starts with discovery and planning before code changes, which reduces bad assumptions about framework conventions, package manager choice, ORM, or existing auth libraries.

What makes it different from a generic prompt

A generic prompt often jumps straight into code. This skill explicitly requires a planning phase first: scan the repository, detect likely framework and data layer signals, ask structured questions, and summarize the implementation plan before writing files. That sequence is the main differentiator because auth setup fails most often at the integration boundaries, not in the example snippets.

Best-fit and misfit

Use create-auth-skill when you want Better Auth specifically and need an agent to adapt setup to your project. It is a weaker fit if you are still deciding between auth products, need a fully opinionated permissions model, or want a provider-agnostic access architecture document. It helps bootstrap authentication well, but it is not the same thing as complete application authorization design.

How to Use create-auth-skill skill

create-auth-skill install

Install it from the Better Auth skills repository:

npx skills add https://github.com/better-auth/skills --skill create-auth

If your environment uses a different skill loader or agent runtime, adapt the install step to that runtime, but keep the same repository path: better-auth/create-auth.

Start with the only file that matters

This skill is lightweight in structure. The key source is SKILL.md at better-auth/create-auth/SKILL.md. There are no supporting resources/, references/, or helper scripts to lean on, so your agent quality depends heavily on how well it follows the staged workflow in that file.

Read the planning phase before any code changes

The most important instruction in the repository is that planning is required before implementation. The skill tells the agent to:

scan the project,
ask all applicable planning questions in one pass,
summarize the plan,
only then implement.

If your agent skips that flow, you lose much of the value of the create-auth-skill skill.

What the skill tries to auto-detect

Before asking you questions, the skill looks for repository signals such as:

framework config files like next.config, svelte.config, nuxt.config, astro.config, or vite.config
Express or Hono entrypoints
ORM and database clues like prisma/schema.prisma, drizzle.config, or DB driver dependencies
existing auth packages such as next-auth, lucia, clerk, supabase/auth, or firebase/auth
lockfiles that reveal the package manager

This matters because stronger detection leads to fewer wrong install commands and fewer mismatched code examples.

Inputs that produce better create-auth-skill usage

A rough request like “add auth” is usually too weak. For better create-auth-skill usage, provide:

framework and version
runtime and package manager
ORM or database choice
whether this is a new app or migration
providers needed, such as email/password, GitHub, Google, magic link, or passkeys
session expectations, protected routes, and callback URLs
whether you want generated UI pages or only backend wiring

A stronger request looks like: “Use Better Auth in my Next.js app with Prisma and PostgreSQL, keep pnpm, add email/password plus GitHub OAuth, protect /dashboard, and create sign-in and sign-up pages without replacing my current layout.”

How to turn a goal into a usable prompt

A good prompt for this skill should include constraints, target outputs, and migration context. For example:

“Scan the repo first and confirm the framework, ORM, and existing auth.”
“Ask me all missing auth questions in one batch before editing files.”
“Then implement Better Auth using my current package manager.”
“Show the file plan before writing code.”
“Do not remove existing middleware until you explain the migration path.”

That prompt shape matches the skill's intended workflow and reduces partial or premature implementations.

Suggested workflow in practice

A practical create-auth-skill guide looks like this:

install the skill
ask the agent to scan the repo
answer its planning questions completely
approve the implementation plan
let it scaffold auth
review environment variables, provider secrets, and database migration steps
run the app and test sign-in, sign-out, session checks, and protected routes

The key decision point is step 4. If the plan does not mention your actual framework, adapter, routes, and providers, stop and correct it before code generation.

Repository-reading path for fast evaluation

If you are deciding whether to adopt the skill, read in this order:

frontmatter in SKILL.md for scope
Phase 1: Planning
the project scan section
the structured questions section
any implementation sections relevant to your framework

This gives you enough to judge whether the skill will save time in your repo or just restate Better Auth docs.

Practical boundaries to know before using it

The skill points you to better-auth.com/docs for code examples and syntax. That means it is a workflow and integration scaffold more than a self-contained reference manual. Expect it to help with orchestration and fit-to-project decisions, but rely on official docs for exact API details when your stack has edge cases.

When create-auth-skill is most useful for Access Control

For create-auth-skill for Access Control, the sweet spot is bootstrapping identity and session flows that later support protected pages, route guards, and role-aware logic. It gets you to a clean auth foundation. You may still need to add your own authorization rules, permission checks, and domain-specific policy layers after the initial setup.

create-auth-skill skill FAQ

Is create-auth-skill skill good for beginners?

Yes, if the beginner already has a JavaScript or TypeScript app and wants Better Auth specifically. The planning-first approach lowers the chance of random copy-paste setup. But it is not a full auth education path; beginners may still need the Better Auth docs for concepts and exact provider configuration.

Is this better than asking an AI to add auth from scratch?

Usually yes. The advantage is not hidden magic code; it is the workflow discipline. The create-auth-skill tells the agent to inspect the project and ask the right questions first. That is often the difference between a setup that matches your stack and one that breaks on first run.

Does create-auth-skill install everything automatically?

Not by itself. The skill guides the agent through implementation, but the final result still depends on your repo, dependencies, environment variables, provider credentials, and database state. Treat it as a structured implementation playbook, not a one-click installer.

Can I use create-auth-skill skill in an existing app?

Yes. In fact, existing apps are where it adds the most value because it looks for framework, ORM, and current auth signals before changing code. That said, migrations from another auth library still need careful review, especially around sessions, user tables, callbacks, and route protection.

When should I not use create-auth-skill?

Skip it if:

you are not committed to Better Auth
you need vendor-neutral auth architecture advice first
your main problem is authorization policy design rather than login/session setup
your stack is outside typical JS/TS app patterns supported by Better Auth examples

Does it cover authorization too?

Only indirectly. create-auth-skill for Access Control gives you the authentication base needed for access control, such as sessions and protected entry points. Fine-grained authorization—roles, permissions, tenant rules, and policy enforcement—still needs application-specific design.

How to Improve create-auth-skill skill

Give create-auth-skill complete planning inputs

The fastest way to improve output quality is to front-load missing details. Tell the agent your framework, DB, ORM, provider list, protected routes, package manager, and whether this is greenfield or migration work. Every omitted detail increases guesswork and raises the chance of wrong file edits.

Ask for a plan summary before edits

Even though the skill already pushes planning, explicitly require a short implementation plan with:

files to create or modify
auth methods to enable
env vars needed
migration steps
testing checklist

This catches mismatches early and makes the create-auth-skill guide more reliable in team settings.

Be explicit about migration constraints

A common failure mode is replacing existing auth too aggressively. If you have current auth code, tell the agent what must remain temporarily, what cannot break, and whether you want side-by-side migration. This changes the implementation strategy more than most users expect.

Improve prompts with route and UI expectations

If you want usable output, specify whether you need:

auth API handlers only
middleware or route guards
sign-in and sign-up pages
account management pages
server-side session checks
client-side hooks or helpers

Without that, the skill may produce a technically correct but incomplete auth setup.

Verify framework detection before trusting generated code

Because the skill relies on repository scanning, multi-app repos and unusual folder layouts can confuse detection. In monorepos, tell the agent which app directory to target. If not, it may read the wrong package.json, wrong lockfile, or wrong framework config and generate mismatched commands.

Use official docs for final syntax checks

The skill itself points to https://better-auth.com/docs. Use that for final provider syntax, adapter options, and framework-specific details. The best workflow is to use create-auth-skill for decision flow and project adaptation, then cross-check exact implementation details against the docs.

Iterate after first output with targeted corrections

Do not just say “fix it.” After the first pass, give precise feedback such as:

“Keep Drizzle, do not switch ORM.”
“Use GitHub OAuth only; remove email/password.”
“Protect only /app/*, not marketing routes.”
“Match my existing UI components instead of creating standalone pages.”

Targeted corrections help the skill converge quickly because the overall auth scaffold is usually close; the remaining issues are integration details.

Watch the common weak spots

The most likely places to review manually are:

environment variable names and missing secrets
callback URLs for OAuth providers
database adapter choice
route placement in framework-specific folders
middleware scope
session checks in server versus client code

These are the spots where even a good create-auth-skill usage flow can still need human confirmation.

Improve team adoption with a standard prompt template

If multiple developers will use the skill, create an internal prompt template that always includes stack, app path, auth methods, migration status, and protected route scope. Standardized prompts make results more predictable and reduce repeated planning back-and-forth.

How to judge whether create-auth-skill is working well

A good result from create-auth-skill is not just “files were generated.” It should:

match your actual framework and package manager
preserve intentional project conventions
list required env vars clearly
explain database and provider setup steps
leave you with a testable auth flow, not only code fragments

That is the right bar for deciding whether to keep using the skill in production workflows.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

two-factor-authentication-best-practices

by better-auth

two-factor-authentication-best-practices for Better Auth: install the twoFactor plugin, add client redirects, run migrations, verify schema, and implement TOTP, backup codes, trusted devices, and 2FA sign-in flows for Access Control.

Access Control

Favorites 0GitHub 163

organization-best-practices

by better-auth

organization-best-practices guides Better Auth organization setup for access control, covering server and client plugins, migration, database checks, org creation, invitations, roles, and RBAC-focused usage.

Access Control

Favorites 0GitHub 162

email-and-password-best-practices

by better-auth

email-and-password-best-practices helps you configure Better Auth email/password login, verification emails, reset flows, password rules, hashing options, and the required migration step.

Access Control

Favorites 0GitHub 162

better-auth-best-practices

by better-auth

better-auth-best-practices helps developers install and use Better Auth with the right env vars, auth.ts location, CLI migrate or generate steps, plugin updates, and /api/auth/ok verification.

Access Control

Favorites 0GitHub 162

claude-api

by anthropics

claude-api is a practical skill for installing and using the Claude API and Anthropic SDKs. It helps developers choose the right SDK or raw HTTP path, detect language-specific docs, and implement streaming, tool use, files, batches, and error handling with less guesswork.

API Development

Favorites 0GitHub 105k

ckm:design-system

by nextlevelbuilder

ckm:design-system helps you build three-layer tokens, component specs, CSS variables, Tailwind mappings, and brand-consistent slide assets from a clear token architecture.

Design Systems

Favorites 0GitHub 53.6k

vercel-react-best-practices

by vercel-labs

vercel-react-best-practices is a Vercel Engineering skill that guides AI agents to optimize React and Next.js performance with prioritized rules for waterfalls, bundle size, and rendering.

Frontend Development

Favorites 0GitHub 24k

shadcn

by shadcn-ui

Use the shadcn skill to inspect project context, run the right CLI commands, install components, and compose UI with documented patterns for base vs radix, forms, theming, and registries.

UI Design

Favorites 0GitHub 111k

systematic-debugging

by obra

systematic-debugging is a root-cause-first debugging skill for bugs, flaky tests, build failures, and unexpected behavior. Learn the four-phase workflow, companion files, and when to use it before proposing fixes.

Debugging

Favorites 0GitHub 121.8k

xlsx

by anthropics

The xlsx skill helps agents read, edit, repair, create, and convert .xlsx, .xlsm, .csv, and .tsv files when the required deliverable is a spreadsheet. It is strongest for template-preserving updates, formula-safe workbook edits, messy tabular cleanup, and practical spreadsheet workflows backed by repo scripts for packing, validation, and recalculation.

Spreadsheet Workflows

Favorites 0GitHub 105.1k

skill-creator

by anthropics

skill-creator is a Skill Authoring meta-skill for drafting new skills, revising existing SKILL.md files, running evals, comparing variants, and improving trigger descriptions with repository scripts and review tools.

Skill Authoring

Favorites 0GitHub 105.1k

pptx

by anthropics

Use the pptx skill to read, create, edit, split, merge, and inspect PowerPoint .pptx files. It guides you through text extraction with markitdown, thumbnail review, unpack/edit/clean/pack workflows, and PptxGenJS for new deck creation.

PowerPoint

Favorites 0GitHub 105.1k

pdf

by anthropics

The pdf skill guides PDF Processing tasks like text extraction, merge and split operations, rendering pages to images, and PDF form workflows. It is especially useful for checking fillable fields, extracting form metadata, and validating non-fillable form layouts with scripts.

PDF Processing

Favorites 0GitHub 105.1k

mcp-builder

by anthropics

mcp-builder is a practical guide for planning, building, and evaluating MCP servers for external APIs and services. It helps developers choose tool scope, naming, transport, Python or Node implementation patterns, and evaluation workflows so agents can use the server reliably.

MCP Server Development

Favorites 0GitHub 105k

copy-editing

by coreyhaines31

Use the copy-editing skill to improve existing marketing copy with a Seven Sweeps workflow. Learn install steps, recommended files, usage prompts, and how to preserve voice while tightening wording, proof, clarity, and copy-editing for Proofreading.

Proofreading

Favorites 0GitHub 17.3k

revops

by coreyhaines31

The revops skill helps agents design and optimize revenue operations, including lead lifecycle management, scoring, routing, and CRM automation. Use revops to define lifecycle stages, build scoring models, set routing rules, and implement automation workflows in HubSpot, Salesforce, or mixed stacks. Ideal for RevOps managers, CRM admins, and GTM leaders needing practical frameworks and reference files for CRM operations. Install via parent repo and follow the guide for best results.

CRM Operations

Favorites 0GitHub 17.3k