CtrlK
BlogDocsLog inGet started
Tessl Logo

apollo-enterprise-rbac

Enterprise role-based access control for Apollo.io. Use when implementing team permissions, restricting data access, or setting up enterprise security controls. Trigger with phrases like "apollo rbac", "apollo permissions", "apollo roles", "apollo team access", "apollo enterprise security".

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

80%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A strong, code-dense skill body with executable TypeScript and a clear step sequence, weakened only by absent validation checkpoints for a security-critical workflow and by failing to surface the available reference bundle. Addressing those two gaps would lift the body to top-tier quality.

Suggestions

Add explicit validation/verification checkpoints to the workflow (e.g. 'Verify the permission matrix by calling each endpoint with a test scoped key', 'Confirm revoked keys return 401') with a fix-retry feedback loop, since RBAC and key revocation are security-critical and batch-capable operations.

Link the existing references/implementation-guide.md from the body (e.g. a '## Implementation Guide' section with 'See [implementation-guide.md](references/implementation-guide.md) for the full permission hierarchy and audit trail') so the bundle is discoverable and one level deep.

Consider moving the full code listings into the reference and keeping SKILL.md as a concise overview pointing to it, reducing the inline footprint to better follow progressive disclosure.

DimensionReasoningScore

Conciseness

The body is dominated by lean, executable TypeScript with minimal prose and no padding about concepts Claude already knows; the one paragraph of context (Apollo keys being all-or-nothing) is genuinely non-obvious domain knowledge, so every token earns its place.

3 / 3

Actionability

Provides fully executable, copy-paste-ready TypeScript across five files (roles.ts, api-keys.ts, middleware.ts, proxy.ts, admin.ts) with real Apollo API paths and concrete src/rbac/... file locations, matching the anchor 3 example.

3 / 3

Workflow Clarity

Five clearly numbered, sequenced steps are present, but a security-critical RBAC proxy with batch operations has no validation or verification checkpoints (no 'verify the permission matrix', 'test key revocation', or fix-retry feedback loop), which caps the score at 2 per the destructive/batch feedback-loop rule.

2 / 3

Progressive Disclosure

Sections are organized (Steps 1-5, Output, Error Handling, Resources), but the 271-line body inlines all full implementations while the existing references/implementation-guide.md bundle file is never referenced or signaled from the body, leaving inline content that should be split and an orphaned reference.

2 / 3

Total

10

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A well-crafted, third-person description that clearly states both capability and trigger conditions with natural phrasing. The only weak spot is specificity, where the actions read at a slightly abstract level rather than enumerating concrete operations.

DimensionReasoningScore

Specificity

Names the Apollo.io RBAC domain and several actions ('implementing team permissions, restricting data access, or setting up enterprise security controls'), but the actions are high-level rather than the concrete operations (e.g. build permission matrix, scoped keys, middleware) listed in the body, so it falls short of the multi-concrete-action anchor 3.

2 / 3

Completeness

Clearly answers both what ('Enterprise role-based access control for Apollo.io') and when ('Use when implementing team permissions, restricting data access...') with explicit trigger guidance, matching the anchor 3 example.

3 / 3

Trigger Term Quality

Provides natural phrases users would actually say ('apollo rbac', 'apollo permissions', 'apollo roles', 'apollo team access', 'apollo enterprise security') with good coverage of variations, matching the anchor 3 example.

3 / 3

Distinctiveness Conflict Risk

Tightly scoped to Apollo.io enterprise RBAC with distinct, product-specific triggers, giving it a clear niche unlikely to conflict with unrelated skills, matching anchor 3.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.