CtrlK
BlogDocsLog inGet started
Tessl Logo

exa-enterprise-rbac

Manage Exa API key scoping, team access controls, and domain restrictions. Use when implementing multi-key access control, configuring per-team search limits, or setting up organization-level Exa governance. Trigger with phrases like "exa access control", "exa RBAC", "exa enterprise", "exa team keys", "exa permissions".

76

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

92%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable, concise code skill with clear sequencing and validation in its risky key-rotation workflow. Its only weak spot is progressive disclosure: everything lives inline in one file with no reference files to offload detail.

Suggestions

Move the ROLE_PERMISSIONS reference table and the per-use-case key config into a referenced file (e.g. references/role-permissions.md) so SKILL.md stays a lean overview pointing one level deep.

Add a brief 'Verify' checklist line in Step 5 explicitly gating traffic cutover on the curl returning 200, to make the feedback loop fully explicit.

Consider extracting the KeyUsageTracker and enforcedSearch helpers into a scripts/ file referenced from the body to reduce inline code volume.

DimensionReasoningScore

Conciseness

Lean, code-forward body that assumes Claude's competence; the only prose (the 'no built-in RBAC' note in the Overview) is non-obvious and load-bearing rather than padded explanation of basics.

3 / 3

Actionability

Provides fully executable TypeScript (key clients, permission middleware, usage tracker) and a copy-paste curl key-rotation script with concrete role definitions — no pseudocode.

3 / 3

Workflow Clarity

Steps 1–5 are clearly sequenced, and the destructive key-rotation step includes explicit validation (curl http_code check, 'verify new key works', 'monitor for errors') plus a 24h grace period before revoking the old key.

3 / 3

Progressive Disclosure

Well-organized into sections with no nested/broken references, but it is a single ~210-line file with no bundle files and no splitting of the role-permission reference or configs into separate files — content that could be externalized is inline.

2 / 3

Total

11

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, well-structured description: it states concrete capabilities, includes explicit 'Use when' guidance, and supplies natural trigger phrases, all in third-person imperative voice.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'Exa API key scoping, team access controls, and domain restrictions' plus 'configuring per-team search limits' and 'organization-level Exa governance' — matching the anchor for several specific actions.

3 / 3

Completeness

Explicitly states what it does ('Manage Exa API key scoping...') and when to use it ('Use when implementing multi-key access control...'), with an explicit 'Use when' trigger clause.

3 / 3

Trigger Term Quality

Provides natural trigger phrases users would say — 'exa access control', 'exa RBAC', 'exa enterprise', 'exa team keys', 'exa permissions' — giving good coverage of likely utterances.

3 / 3

Distinctiveness Conflict Risk

All triggers are 'exa'-prefixed and scoped to enterprise RBAC, carving a clear niche unlikely to collide with unrelated skills.

3 / 3

Total

12

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.