evernote-enterprise-rbac
Implement enterprise RBAC for Evernote integrations. Use when building multi-tenant systems, implementing role-based access, or handling business accounts. Trigger with phrases like "evernote enterprise", "evernote rbac", "evernote business", "evernote permissions".
77
73%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/evernote-pack/skills/evernote-enterprise-rbac/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid description with clear 'when' triggers and a distinct niche targeting Evernote enterprise RBAC. Its main weakness is that the 'what' portion is somewhat high-level—it could benefit from listing more concrete actions beyond just 'implement enterprise RBAC'. The trigger terms are well-chosen and specific enough to avoid conflicts.
Suggestions
Add more specific concrete actions to the 'what' portion, e.g., 'create and assign roles, manage tenant permissions, configure business account access policies, audit permission changes'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | It names the domain (enterprise RBAC for Evernote integrations) and mentions some actions like 'building multi-tenant systems' and 'implementing role-based access', but doesn't list multiple concrete actions (e.g., creating roles, assigning permissions, managing tenants, auditing access). | 2 / 3 |
Completeness | Clearly answers both 'what' (implement enterprise RBAC for Evernote integrations) and 'when' (building multi-tenant systems, implementing role-based access, handling business accounts) with explicit trigger phrases provided. | 3 / 3 |
Trigger Term Quality | Includes explicit trigger phrases like 'evernote enterprise', 'evernote rbac', 'evernote business', 'evernote permissions' as well as natural terms like 'multi-tenant systems', 'role-based access', and 'business accounts'. Good coverage of terms a user would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | The combination of 'Evernote' + 'enterprise RBAC' is a very specific niche. The trigger terms are highly distinctive and unlikely to conflict with other skills unless there's another Evernote-specific RBAC skill. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill has good structure and progressive disclosure, with a clear overview pointing to detailed references. However, it falls short on actionability—three of five steps lack executable code, relying on vague descriptions instead. The workflow lacks validation checkpoints critical for security-sensitive RBAC implementations, and some content (prerequisites, descriptive prose) could be tightened.
Suggestions
Add executable code examples for Steps 3 (Express middleware), 4 (Business authentication), and 5 (multi-tenant token scoping) instead of vague descriptions.
Add a validation/verification step—e.g., a test script or checklist to confirm RBAC permissions are correctly enforced before deploying.
Remove the Prerequisites section (Claude already knows these concepts) and tighten descriptive text in steps to focus on concrete instructions.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary preamble (Prerequisites section listing things Claude already knows, like 'multi-tenant application architecture') and descriptive text that could be tightened, but is mostly reasonable in length. Steps 3 and 5 are vague prose without code, wasting tokens on description rather than actionable content. | 2 / 3 |
Actionability | Steps 1 and 2 provide executable JavaScript code, but Steps 3, 4, and 5 are vague descriptions without concrete implementations. The middleware step just says 'Create Express middleware' without showing any code. Key details like the `hasPermission` method and `authenticateToBusiness()` usage are missing. | 2 / 3 |
Workflow Clarity | Steps are numbered and sequenced, but there are no validation checkpoints or feedback loops. For a multi-tenant system handling authorization (a security-sensitive, potentially destructive context), there's no verification step to confirm permissions are correctly enforced, no testing guidance, and no error recovery workflow. | 2 / 3 |
Progressive Disclosure | The skill provides a clear overview with well-organized sections, references a single implementation guide for full details, and includes a resources section with external links. The structure is clean with one-level-deep references and easy navigation. | 3 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
70e9fa4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.