documenso-security-basics

Implement security best practices for Documenso document signing integrations. Use when securing API keys, configuring webhooks securely, or implementing document security measures. Trigger with phrases like "documenso security", "secure documenso", "documenso API key security", "documenso webhook security".

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill documenso-security-basics

What are skills?

1.58x

Quality

83%

Does it follow best practices?

Impact

95%

1.58x

Average score across 3 eval scenarios

SKILL.md

Review

Evals

Discovery

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-structured skill description that excels at completeness and distinctiveness through explicit trigger phrases and clear 'Use when' guidance. The main weakness is that the specific actions could be more concrete - terms like 'security best practices' and 'security measures' are somewhat vague compared to listing specific techniques or configurations.

Suggestions

Replace vague terms like 'security best practices' and 'document security measures' with specific actions such as 'rotate API keys', 'validate webhook signatures', 'configure HTTPS endpoints', or 'implement token expiration'

Dimension	Reasoning	Score
Specificity	Names the domain (Documenso security) and mentions some actions like 'securing API keys', 'configuring webhooks securely', and 'implementing document security measures', but these are somewhat generic security concepts rather than highly specific concrete actions.	2 / 3
Completeness	Clearly answers both what (implement security best practices for Documenso integrations) and when (explicit 'Use when...' clause with specific scenarios plus 'Trigger with phrases' providing additional guidance).	3 / 3
Trigger Term Quality	Explicitly lists natural trigger phrases users would say: 'documenso security', 'secure documenso', 'documenso API key security', 'documenso webhook security'. These are specific, natural variations covering the key use cases.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive due to the specific 'Documenso' product focus combined with security context. The explicit trigger phrases with 'documenso' prefix make it unlikely to conflict with generic security skills or other document signing tools.	3 / 3
	Total	11 / 12 Passed

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong, actionable security skill with excellent executable code examples covering key security concerns for Documenso integrations. The workflow is clear with good validation steps, particularly for key rotation. However, the skill is somewhat verbose and could be more concise by externalizing detailed implementations to reference files and removing redundant sections like the Output summary.

Suggestions

Remove the 'Output' section as it merely summarizes what the skill already demonstrates in code

Consider moving detailed implementations (audit logging, input validation) to separate reference files and keeping only quick-start examples in the main skill

Dimension	Reasoning	Score
Conciseness	The skill is mostly efficient with good code examples, but includes some unnecessary sections like 'Prerequisites' listing 'Basic security concepts' and the 'Output' section which adds little value. The checklist at the end partially duplicates information already covered in the code examples.	2 / 3
Actionability	Provides fully executable TypeScript code for every security concept covered - API key management, webhook verification with timing-safe comparison, input validation with Zod schemas, and audit logging. All examples are copy-paste ready with proper imports and error handling.	3 / 3
Workflow Clarity	Clear step-by-step progression from API key management through webhook security to audit logging. The key rotation procedure includes explicit numbered steps with validation checkpoints. The security checklist provides a clear verification workflow for implementation completeness.	3 / 3
Progressive Disclosure	Content is well-organized with clear sections, but the skill is quite long (200+ lines) and could benefit from splitting detailed implementations (like audit logging or input validation) into separate reference files. The 'Next Steps' reference to 'documenso-prod-checklist' is good but more could be externalized.	2 / 3
	Total	10 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 9 / 11 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	9 / 11 Passed

Reviewed: 2 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.