Apply Clay security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Clay security configuration. Trigger with phrases like "clay security", "clay secrets", "secure clay", "clay API key security".
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill clay-security-basics
81
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description that excels in completeness and trigger term quality by providing explicit 'Use when' and 'Trigger with' clauses. The main weakness is that the specific capabilities could be more concrete - listing actual Clay-specific security actions rather than general security concepts would strengthen the description.
Suggestions
Add more concrete Clay-specific actions such as 'configure Clay workspace permissions', 'rotate Clay API tokens', or 'set up Clay webhook authentication' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (Clay security) and mentions some actions like 'securing API keys', 'implementing least privilege access', and 'auditing Clay security configuration', but these are somewhat general security concepts rather than highly specific concrete actions unique to Clay. | 2 / 3 |
| Completeness | Clearly answers both what (apply Clay security best practices for secrets and access control) and when (explicit 'Use when' clause with specific scenarios plus 'Trigger with phrases' providing additional guidance). | 3 / 3 |
| Trigger Term Quality | Explicitly lists natural trigger phrases users would say: 'clay security', 'clay secrets', 'secure clay', 'clay API key security'. These are practical terms a user would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | The Clay-specific focus with explicit trigger terms like 'clay security' and 'clay secrets' creates a clear niche that is unlikely to conflict with general security skills or other platform-specific skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
72%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid security skill with excellent actionability through concrete, executable code examples and good organization. The main weaknesses are some verbosity (audit logging example is extensive for a basics guide) and missing explicit error recovery steps in the secret rotation workflow, which is a security-critical operation.
Suggestions
Add explicit error handling to Step 2: what to do if the curl verification fails (e.g., 'If verification fails, do NOT revoke old key - troubleshoot first')
Trim the audit logging example or move it to an advanced security skill - it's detailed for a 'basics' document
Remove the 'Prerequisites' section - Claude knows what environment variables are and doesn't need this context
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Generally efficient but includes some unnecessary sections like 'Prerequisites' listing things Claude knows (understanding of environment variables) and the 'Output' section which is vague. The audit logging example is quite verbose for a 'basics' skill. | 2 / 3 |
| Actionability | Provides fully executable code examples including bash commands, TypeScript patterns, and curl verification. The webhook signature verification and service account patterns are copy-paste ready with proper imports. | 3 / 3 |
| Workflow Clarity | Step 2 (secret rotation) has a clear sequence with verification, but lacks explicit validation checkpoints for error recovery. The overall flow between steps is loose - no feedback loop if key verification fails in step 2. | 2 / 3 |
| Progressive Disclosure | Well-organized with clear sections, appropriate use of tables for quick reference, and one-level-deep references to external resources and next steps. Content is appropriately scoped for a 'basics' skill with pointers to production checklist. | 3 / 3 |
| Total | 10 / 12 Passed | |
Validation
75%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 12 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 12 / 16 Passed | |