CtrlK
BlogDocsLog inGet started
Tessl Logo

documenso-security-basics

Implement security best practices for Documenso document signing integrations. Use when securing API keys, configuring webhooks securely, or implementing document security measures. Trigger with phrases like "documenso security", "secure documenso", "documenso API key security", "documenso webhook security".

72

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

92%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A dense, executable, well-sequenced security skill with strong code examples and validation checkpoints. Its main weakness is progressive disclosure: a reference bundle exists but is not linked from the body, and the SKILL.md carries the full implementation inline.

Suggestions

Reference the bundled guide from the body (e.g., "For full walkthroughs, see [implementation-guide.md](references/implementation-guide.md)") so the orphaned reference file is discoverable.

Move the step-by-step code expansions into references/implementation-guide.md and keep SKILL.md as a concise overview pointing to it, reducing inline weight to one level of depth.

DimensionReasoningScore

Conciseness

The body is code-forward and lean: it skips basic concept explanations and lets tight code blocks, key-management rules, and a checklist carry the content with every token earning its place.

3 / 3

Actionability

It provides concrete, copy-paste-ready TypeScript, Python, and bash examples for each step (e.g., the timingSafeEqual webhook verifier and the openssl certificate generation commands) rather than vague direction.

3 / 3

Workflow Clarity

The six steps are clearly sequenced, the key-rotation procedure includes an explicit "Verify secondary key works" checkpoint, and the Security Checklist plus Error Handling table provide validation and feedback loops for the security operations.

3 / 3

Progressive Disclosure

The body is well-sectioned but keeps all detailed implementation content inline (~170 lines) and never references the bundled references/implementation-guide.md, so a reference file is present yet orphaned and content that could be split is not.

2 / 3

Total

11

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A well-formed description that explicitly covers what, when, and trigger phrases with a clear Documenso niche. It is held back only by slightly vague action language alongside the concrete sub-tasks.

Suggestions

Replace "implementing document security measures" with the specific concrete actions the skill covers (e.g., "document access control" and "self-hosted signing certificate configuration") to lift specificity.

DimensionReasoningScore

Specificity

It names the domain and several concrete actions ("securing API keys", "configuring webhooks securely"), but pairs them with vague phrases like "security best practices" and "implementing document security measures" rather than a comprehensive list of specific actions.

2 / 3

Completeness

It clearly states what it does ("Implement security best practices for Documenso document signing integrations") and when to use it ("Use when securing API keys, configuring webhooks securely...") with explicit trigger guidance.

3 / 3

Trigger Term Quality

Explicit trigger phrases ("documenso security", "secure documenso", "documenso API key security", "documenso webhook security") give good coverage of natural terms a user would say when needing this skill.

3 / 3

Distinctiveness Conflict Risk

It is narrowly scoped to Documenso with distinct, product-specific triggers, making it unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.