exa-security-basics

Secure Exa API keys, implement content moderation, and manage domain restrictions. Use when securing API keys, auditing Exa security configuration, or implementing content safety filtering. Trigger with phrases like "exa security", "exa secrets", "secure exa", "exa API key security", "exa content moderation".

76

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Advisory

Suggest reviewing before use

Quality

Content

92%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A code-rich, actionable security skill with clear sequencing and verification checkpoints for its risky key-rotation workflow. Its main gap is progressive disclosure: the content is monolithic with no reference files splitting off the detailed examples and checklists.

Suggestions

Move the detailed Examples (git-history scan, key-rotation procedure) and/or the Security Checklist into reference files (e.g. references/ROTATION.md), keeping SKILL.md a concise overview with clearly signaled one-level-deep links.

Replace the bare 'see exa-prod-checklist' pointer in Next Steps with a concrete, clearly signaled path or link so navigation is unambiguous.

Consider splitting the five numbered code steps into per-topic reference files (e.g. references/STEPS.md), surfacing only the core workflow inline in SKILL.md.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The body is code-forward with minimal prose and no over-explanation of concepts Claude already knows; inline comments such as '// strip HTML/template chars' are tight and every section earns its place. | 3 / 3 |
| Actionability | Provides fully executable TypeScript (createSecureClient, sanitizeQuery, safeDomainSearch) and bash (git log -S scan, curl key-rotation verification) that is copy-paste ready; not 2 because examples are concrete and complete rather than pseudocode. | 3 / 3 |
| Workflow Clarity | Steps 1–5 are clearly sequenced with explicit validation checkpoints (verify the new key via curl before revoking the old one, git log scan for leaked keys), an Error Handling detection→mitigation table, and a Security Checklist giving feedback loops for the risky rotation operation. | 3 / 3 |
| Progressive Disclosure | Well-organized into clear sections but monolithic: all five code steps, the error table, and examples live inline in SKILL.md with no one-level-deep reference files to offload detail, and the Next Steps pointer to 'exa-prod-checklist' is a bare name rather than a clearly signaled path. | 2 / 3 |

Total: 11 / 12 (Passed)

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, well-scoped description that names concrete actions, includes an explicit 'Use when' clause, and lists natural trigger phrases tied to a distinct Exa-security niche. No fluff or over-claims, and third-person voice is maintained throughout.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Enumerates three concrete actions ('Secure Exa API keys, implement content moderation, and manage domain restrictions'), matching the multiple-specific-actions anchor; not 2 because it goes beyond naming a domain to listing distinct capabilities. | 3 / 3 |
| Completeness | States what ('Secure Exa API keys, implement content moderation, and manage domain restrictions') and when ('Use when securing API keys, auditing Exa security configuration, or implementing content safety filtering'), with an explicit trigger clause satisfying both halves. | 3 / 3 |
| Trigger Term Quality | Provides five explicit natural phrases ('exa security', 'exa secrets', 'secure exa', 'exa API key security', 'exa content moderation') a user would plausibly say; not 2 because common variations are well covered. | 3 / 3 |
| Distinctiveness Conflict Risk | Tightly scoped to the Exa API with Exa-specific triggers, giving a clear niche unlikely to conflict with generic security skills; not 2 because the scope and triggers are distinctly bound to Exa. | 3 / 3 |

Total: 12 / 12 (Passed)

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 14 / 16 (Passed)

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed
