CtrlK
BlogDocsLog inGet started
Tessl Logo

apollo-security-basics

Apply Apollo.io API security best practices. Use when securing Apollo integrations, managing API keys, or implementing secure data handling. Trigger with phrases like "apollo security", "secure apollo api", "apollo api key security", "apollo data protection".

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

92%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable, lean code-centric skill with clear validation checkpoints in its rotation and audit workflows. Its main weakness is progressive disclosure: the provided implementation-guide.md reference is never linked from the body and its content is largely duplicated inline rather than split out.

Suggestions

Link references/implementation-guide.md from the body (e.g., a '## Deep dive' section pointing to it) so the bundle reference is discoverable.

Move the duplicated detail (full rotation manager, PII handler, scoped-client internals) into implementation-guide.md and keep SKILL.md as a concise overview, reducing the inline duplication.

Replace the non-link 'Apollo Security Practices' bullet under Resources with a real URL or remove it to avoid a dead reference entry.

DimensionReasoningScore

Conciseness

The body is dense executable TypeScript and bash with minimal prose and no explanations of concepts Claude already knows; every block (key loading, redaction interceptor, scoped clients, rotation, audit) earns its place, matching the lean anchor 3 profile.

3 / 3

Actionability

Provides fully executable, copy-paste-ready code with specific commands (Secret Manager access, axios interceptors, .gitignore entries, execSync audit checks) rather than vague direction, matching the anchor 3 example.

3 / 3

Workflow Clarity

Multi-step processes have explicit validation checkpoints — Step 4 rotation verifies the new key and aborts on failure ('New API key invalid — aborting rotation'), and Step 5 is a pass/fail audit checklist with an error-handling table, satisfying the feedback-loop anchor 3.

3 / 3

Progressive Disclosure

A bundle file references/implementation-guide.md exists but is never linked or signaled from the body, and the body duplicates much of its content (key storage, rotation, PII redaction, error table) inline — fitting the anchor 2 pattern of content that should be separate being inline and references not clearly signaled.

2 / 3

Total

11

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A well-formed description that answers both 'what' and 'when' with explicit, natural trigger phrases and a clear Apollo-specific niche. Its only weakness is mild abstraction in the capability wording ('best practices', 'secure data handling') rather than listing fully concrete actions.

DimensionReasoningScore

Specificity

Names the domain and several actions ('securing Apollo integrations, managing API keys, or implementing secure data handling') but the headline 'Apply Apollo.io API security best practices' and 'secure data handling' are abstract compared to the concrete multi-action anchor 3 example; not fully comprehensive.

2 / 3

Completeness

Clearly states what ('Apply Apollo.io API security best practices') and when ('Use when securing Apollo integrations...'), plus an explicit 'Trigger with phrases like...' clause, satisfying both halves with explicit triggers.

3 / 3

Trigger Term Quality

Explicit natural trigger phrases ('apollo security', 'secure apollo api', 'apollo api key security', 'apollo data protection') give good coverage of terms a user would actually say, matching the anchor 3 profile.

3 / 3

Distinctiveness Conflict Risk

Apollo.io is a specific niche and the trigger phrases are narrowly scoped, making conflict with other skills unlikely per the anchor 3 example.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.