Apply Apollo.io API security best practices. Use when securing Apollo integrations, managing API keys, or implementing secure data handling. Trigger with phrases like "apollo security", "secure apollo api", "apollo api key security", "apollo data protection".
85
83%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid description with clear 'when' triggers and good distinctiveness due to the Apollo.io + security niche. Its main weakness is that the 'what' portion is somewhat vague—'apply best practices' and 'secure data handling' don't enumerate the specific concrete actions the skill performs. Adding more specific capabilities would strengthen it.
Suggestions
List 2-3 more specific concrete actions, e.g., 'rotate API keys, configure webhook authentication, set IP allowlists, encrypt sensitive fields' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (Apollo.io API security) and mentions some actions like 'managing API keys' and 'implementing secure data handling', but doesn't list multiple specific concrete actions (e.g., rotating keys, encrypting payloads, setting rate limits, configuring OAuth scopes). | 2 / 3 |
| Completeness | Clearly answers both 'what' (apply Apollo.io API security best practices) and 'when' (securing Apollo integrations, managing API keys, implementing secure data handling) with explicit trigger phrases listed. | 3 / 3 |
| Trigger Term Quality | Includes natural trigger phrases users would say: 'apollo security', 'secure apollo api', 'apollo api key security', 'apollo data protection'. These cover common variations a user might naturally use when seeking this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly specific niche combining Apollo.io with API security best practices. The explicit mention of 'Apollo' as a product name and security-specific triggers make it very unlikely to conflict with generic security or generic API skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable skill with executable TypeScript examples covering key security concerns for Apollo.io API integrations. The workflow is well-sequenced with validation checkpoints, particularly in key rotation. The main weakness is that the content is somewhat lengthy for a SKILL.md — the audit script and PII redaction module could be referenced rather than fully inlined, improving both conciseness and progressive disclosure.
Suggestions
Consider moving the full security audit script and PII redaction module into separate referenced files (e.g., AUDIT.md, REDACTION.md) and keeping only usage summaries in the main skill.
Remove the Output section, which restates what the steps already cover and adds no new information.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is mostly efficient with good code examples, but includes some unnecessary commentary (e.g., 'Apollo API keys grant broad access to 275M+ contacts') and the Output section largely restates what was already covered. Some inline comments are helpful but others are redundant. | 2 / 3 |
| Actionability | Every step includes fully executable TypeScript code with concrete patterns — secret manager integration, PII redaction with regex patterns, scoped client creation, key rotation with verification, and a security audit script. The code is copy-paste ready and specific to Apollo's API. | 3 / 3 |
| Workflow Clarity | The 5-step sequence is logically ordered from foundational (key storage) through operational (rotation, audit). The key rotation procedure includes explicit verification before proceeding, and the audit script provides a validation checklist with pass/fail feedback loops. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear sections and a reference to 'apollo-prod-checklist' for next steps, but the skill is quite long (~150 lines of substantive content) and could benefit from splitting the audit script and PII redaction utility into separate referenced files rather than inlining everything. | 2 / 3 |
| Total | 10 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
70e9fa4