CtrlK
BlogDocsLog inGet started
Tessl Logo

cursor-api-key-management

Configure BYOK API keys for OpenAI, Anthropic, Google, Azure, and custom models in Cursor. Triggers on "cursor api key", "cursor openai key", "cursor anthropic key", "own api key cursor", "BYOK cursor", "cursor azure key".

64

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with concrete URLs, menu paths, and config blocks, and its workflows are clearly sequenced. Its main weaknesses are verbosity (including dated pricing and generic security advice Claude already knows) and a failure to use the existing reference bundle files, leaving their content duplicated inline rather than navigated to.

Suggestions

Replace the inline provider/cost/security/troubleshooting detail with brief overviews that link to the matching files in ./references/ (e.g., "See [supported-providers.md](references/supported-providers.md)"), so the bundle files serve as one-level-deep references instead of orphaned duplicates.

Move the "Approximate Token Costs (as of early 2026)" table out of the main body or into a clearly labeled dated/deprecated section, and trim generic advice Claude already knows (e.g., "Never hardcode API keys") to improve token efficiency.

Add an explicit validation checkpoint to each provider configuration workflow (e.g., after pasting the key, send a test request or confirm the model appears and responds) so the primary flows reach the level-3 workflow-clarity anchor.

DimensionReasoningScore

Conciseness

The body is mostly efficient with actionable provider steps, but it is padded with content Claude already knows (generic key-storage/security advice) and a time-sensitive "Approximate Token Costs (as of early 2026)" table that is not isolated in a deprecated/old-patterns section, which the guidelines say should penalize conciseness. It is below level 3 due to unnecessary explanation and dated pricing, and above level 1 because it is not a wall of conceptual preamble.

2 / 3

Actionability

Configuration is given as concrete, copy-paste-ready guidance: exact provider URLs (platform.openai.com/api-keys), specific menu paths ("Cursor Settings > Models > check Use own API key"), real base URLs for Ollama/LM Studio/Together, and a literal Azure config block with field names. For this instruction-only GUI skill the absence of code is not penalized because the guidance is specific and actionable.

3 / 3

Workflow Clarity

Provider configuration and key-rotation are clearly sequenced as numbered lists, and rotation includes a verify step, but the primary configuration workflows lack explicit validation checkpoints (e.g., no "test the key / verify Chat works" step after entry), so it does not reach the level-3 anchor. It is above level 1 because sequences are present, and below level 3 because validation is not woven into the main config flows.

2 / 3

Progressive Disclosure

Nine reference bundle files exist (supported-providers.md, configuration-methods.md, cost-management.md, security-best-practices.md, troubleshooting.md, team-key-management.md, etc.), yet the body never links to or signals any of them; instead it inlines that same content as a ~178-line monolithic document, matching the level-2 anchor ("references present but not clearly signaled; content that should be separate is inline"). It is not level 1 because the body is section-organized, and not level 3 because the existing bundle files are orphaned rather than used for one-level-deep navigation.

2 / 3

Total

9

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is well-constructed: it states a clear action, lists the supported providers, and includes an explicit trigger clause with natural user phrasings. Its only weakness is that it names a single action rather than enumerating several concrete operations.

DimensionReasoningScore

Specificity

The description names the domain and a single concrete action ("Configure BYOK API keys for OpenAI, Anthropic, Google, Azure, and custom models in Cursor"), but lists only one action verb rather than multiple specific actions, so it falls short of the level-3 anchor.

2 / 3

Completeness

It answers both what ("Configure BYOK API keys...") and when via an explicit trigger clause ("Triggers on..."), satisfying the level-3 anchor and the guideline requiring an explicit 'Use when'/trigger clause.

3 / 3

Trigger Term Quality

It provides good coverage of natural phrases users would say ("cursor api key", "cursor openai key", "cursor anthropic key", "BYOK cursor", "cursor azure key"), matching the level-3 anchor for natural-term coverage.

3 / 3

Distinctiveness Conflict Risk

The Cursor + BYOK niche is clearly scoped with distinct, provider-specific triggers ("BYOK cursor", "cursor azure key"), making it unlikely to fire for the wrong skill.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.