CtrlK
BlogDocsLog inGet started
Tessl Logo

evernote-security-basics

Implement security best practices for Evernote integrations. Use when securing API credentials, implementing OAuth securely, or hardening Evernote integrations. Trigger with phrases like "evernote security", "secure evernote", "evernote credentials", "evernote oauth security".

69

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A well-organized, token-efficient security guide that uses progressive disclosure effectively via a real reference file. Its weak spots are incomplete actionability — several steps are prose without executable code — and the absence of explicit validation checkpoints across the multi-step workflow.

Suggestions

Add an executable AES-256-GCM encrypt/decrypt code example in Step 3 (and code for Steps 4 and 6) so token storage, input validation, and lifecycle guidance are copy-paste ready rather than prose.

Insert explicit validation checkpoints into the workflow sequence (e.g., 'verify credentials load before starting OAuth', 'confirm an encrypt→decrypt round-trip succeeds before storing tokens') to make the process safer and unambiguous.

Trim redundancy between the Instructions, Output, and Examples sections — the Output and Examples restate the steps — to recover tokens without losing information.

DimensionReasoningScore

Conciseness

Lean body that assumes Claude's competence — no padding explaining what OAuth or AES is — with code examples and concrete steps earning their tokens. The only slack is minor redundancy in the Output/Examples sections, not enough to drop below the score-3 anchor.

3 / 3

Actionability

Steps 1, 2, and 5 ship executable code, but Step 3 ('Encrypt access tokens at rest using AES-256-GCM'), Step 4 (input validation), and Step 6 (token lifecycle) are prose-only with missing implementation details, matching the 'some concrete guidance but incomplete' anchor.

2 / 3

Workflow Clarity

The six steps are clearly sequenced and there is fail-fast/CSRF validation inside individual steps, but there are no explicit validation checkpoints gating the overall flow (e.g., verify-then-proceed), leaving checkpoints implicit per the score-2 anchor.

2 / 3

Progressive Disclosure

SKILL.md is a concise overview with a clearly signaled one-level-deep reference ('see [Implementation Guide](references/implementation-guide.md)') to a real, well-organized bundle file, matching the score-3 anchor.

3 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A well-constructed description in third-person voice that clearly states capabilities, provides explicit 'Use when' triggers, and includes natural keyword variations a user would say. It answers both what and when without padding.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'securing API credentials, implementing OAuth securely, or hardening Evernote integrations' — rather than vague language, matching the score-3 anchor.

3 / 3

Completeness

Explicitly answers both what ('Implement security best practices for Evernote integrations') and when ('Use when securing API credentials...'), with an explicit 'Use when' trigger clause.

3 / 3

Trigger Term Quality

Provides natural phrases a user would actually say ('evernote security', 'secure evernote', 'evernote credentials', 'evernote oauth security') with good coverage of variations.

3 / 3

Distinctiveness Conflict Risk

Clear Evernote-security niche with distinct, domain-specific triggers unlikely to conflict with other skills.

3 / 3

Total

12

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.