Apply Apollo.io API security best practices. Use when securing Apollo integrations, managing API keys, or implementing secure data handling. Trigger with phrases like "apollo security", "secure apollo api", "apollo api key security", "apollo data protection".
85
83%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured description with strong trigger terms and clear 'Use when' guidance that makes it easy for Claude to select appropriately. Its main weakness is that the 'what' portion is somewhat vague—'apply best practices' and 'secure data handling' don't enumerate the specific concrete actions the skill teaches. Adding 2-3 more specific capabilities would strengthen it.
Suggestions
Expand the capabilities section with specific concrete actions, e.g., 'Covers API key rotation, environment variable storage, rate limiting, OAuth configuration, and request signing for Apollo.io integrations.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (Apollo.io API security) and mentions some actions like 'managing API keys' and 'implementing secure data handling', but doesn't list multiple specific concrete actions (e.g., rotating keys, setting rate limits, encrypting payloads, configuring OAuth scopes). | 2 / 3 |
| Completeness | Clearly answers both 'what' (apply Apollo.io API security best practices) and 'when' (explicit 'Use when' clause with triggers for securing integrations, managing API keys, implementing secure data handling, plus explicit trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes explicit trigger phrases like 'apollo security', 'secure apollo api', 'apollo api key security', 'apollo data protection' which are natural terms a user would say. Also includes broader terms like 'securing Apollo integrations' and 'managing API keys'. | 3 / 3 |
| Distinctiveness Conflict Risk | The combination of 'Apollo.io' + 'API security' creates a very specific niche. The trigger terms are all Apollo-specific, making it unlikely to conflict with general security skills or other API integration skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable skill with executable TypeScript code covering key security concerns for Apollo.io API integrations. The workflow is well-sequenced with validation steps, particularly in key rotation and the audit script. Minor weaknesses include some unnecessary contextual explanation and a monolithic structure that could benefit from splitting larger code blocks into referenced files.
Suggestions
Remove contextual framing like '275M+ contacts' and the Output section summary — Claude doesn't need motivation or restated summaries.
Consider extracting the PII redaction utility and security audit script into separate bundle files (e.g., redact.ts, audit.ts) and referencing them from the SKILL.md for better progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Generally efficient with good code examples, but includes some unnecessary explanation (e.g., 'Apollo API keys grant broad access to 275M+ contacts' is context Claude doesn't need, and the Output section largely restates what the steps already cover). The inline comments are mostly useful, though some could be trimmed. | 2 / 3 |
| Actionability | Provides fully executable TypeScript code for every step — secret manager retrieval, PII redaction with regex patterns, scoped client creation, key rotation with verification, and a security audit script. Code is copy-paste ready with concrete patterns and anti-patterns (NEVER/ALWAYS comments). | 3 / 3 |
| Workflow Clarity | Steps are clearly sequenced from key storage through PII redaction, minimal permissions, key rotation, and audit. The rotation procedure includes explicit verification before proceeding (check new key → update secrets → deploy → revoke old). The audit script provides automated validation checkpoints with PASS/FAIL output. | 3 / 3 |
| Progressive Disclosure | The skill is well-structured with clear sections, but at ~150 lines it's fairly long and could benefit from splitting the audit script and PII redaction utility into separate referenced files. The reference to 'apollo-prod-checklist' in Next Steps is good, but no bundle files exist to support progressive disclosure. | 2 / 3 |
| Total | 10 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3a2d27d