evernote-enterprise-rbac
Implement enterprise RBAC for Evernote integrations. Use when building multi-tenant systems, implementing role-based access, or handling business accounts. Trigger with phrases like "evernote enterprise", "evernote rbac", "evernote business", "evernote permissions".
69
63%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/evernote-pack/skills/evernote-enterprise-rbac/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured description with strong trigger terms and clear 'what/when' guidance. Its main weakness is that the capability description is somewhat high-level—it could benefit from listing more concrete actions beyond just 'implement enterprise RBAC'. The distinctiveness is excellent due to the narrow Evernote enterprise niche.
Suggestions
Add more specific concrete actions such as 'create and assign roles, manage business notebook permissions, configure shared workspace access, handle admin privileges' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (enterprise RBAC for Evernote integrations) and mentions some actions like 'building multi-tenant systems' and 'implementing role-based access', but doesn't list multiple concrete specific actions (e.g., creating roles, assigning permissions, managing business notebooks, handling shared resources). | 2 / 3 |
Completeness | Clearly answers both 'what' (implement enterprise RBAC for Evernote integrations) and 'when' (building multi-tenant systems, implementing role-based access, handling business accounts) with explicit trigger phrases provided. | 3 / 3 |
Trigger Term Quality | Includes explicit trigger phrases like 'evernote enterprise', 'evernote rbac', 'evernote business', 'evernote permissions' which are natural terms users would say. Also includes broader terms like 'multi-tenant systems' and 'role-based access' that provide good coverage. | 3 / 3 |
Distinctiveness Conflict Risk | The combination of 'Evernote' + 'enterprise RBAC' is a very specific niche that is unlikely to conflict with other skills. The trigger terms are highly distinctive and narrowly scoped. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
37%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides a reasonable structural overview of Evernote RBAC implementation with some executable code examples, but falls short on actionability for half its steps and lacks validation/verification workflows critical for a security-sensitive domain. The referenced implementation guide doesn't exist in the bundle, leaving significant gaps in the concrete guidance available.
Suggestions
Add executable code for Steps 3-5 (Express middleware, Business authentication, multi-tenant scoping) or ensure the referenced implementation-guide.md bundle file exists with complete implementations.
Add validation checkpoints to the workflow, such as verifying token validity before permission checks, testing RBAC rules with sample requests, and confirming tenant isolation with explicit assertions.
Remove the Prerequisites section (Claude knows these concepts) and trim step descriptions to focus on code and specific API calls rather than general advice.
Include a concrete end-to-end example showing a request flowing through authentication, tenant resolution, RBAC check, and Evernote API call with expected outputs at each stage.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary preamble (Prerequisites section explaining concepts Claude knows, verbose step descriptions) but is mostly reasonable in length. The 'Overview' and 'Prerequisites' sections add little value, and some steps like Step 3 and Step 5 are thin on content yet padded with general advice. | 2 / 3 |
Actionability | Steps 1 and 2 provide executable JavaScript code, but Steps 3, 4, and 5 are vague descriptions without concrete implementations. Step 3 says 'Create Express middleware' without showing any code. Step 5 gives general advice ('Never mix tokens') without executable patterns. The reference to implementation-guide.md could fill these gaps but the bundle file doesn't exist. | 2 / 3 |
Workflow Clarity | The steps are listed but lack clear sequencing dependencies, validation checkpoints, and feedback loops. For a security-critical RBAC system involving multi-tenant token isolation and permission checking, there are no verification steps, no testing guidance, and no error recovery workflows. The error handling table is helpful but disconnected from the workflow steps. | 1 / 3 |
Progressive Disclosure | The skill references an implementation guide at 'references/implementation-guide.md' and a related skill 'evernote-migration-deep-dive', which is good structure. However, no bundle files are provided, so the referenced implementation guide doesn't exist, and the inline content for Steps 3-5 is too thin to stand alone without it. The overall organization with sections is reasonable. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.