firecrawl-security-basics

Apply Firecrawl security best practices for API key management and webhook verification. Use when securing API keys, implementing webhook signature validation, or auditing Firecrawl security configuration. Trigger with phrases like "firecrawl security", "firecrawl secrets", "secure firecrawl", "firecrawl API key security", "firecrawl webhook signature".

85

Quality: 83% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Advisory (Suggest reviewing before use)

Quality

Discovery: 89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid skill description that clearly identifies its niche (Firecrawl security), provides explicit trigger guidance, and answers both what and when. The main weakness is that the 'what' could be more specific—'apply best practices' is somewhat vague and the concrete actions (API key rotation, environment variable storage, signature validation implementation) could be spelled out more explicitly.

Suggestions

Replace 'Apply Firecrawl security best practices' with more specific actions like 'Store API keys in environment variables, rotate credentials, validate webhook HMAC signatures' to improve specificity.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (Firecrawl security) and some actions (API key management, webhook verification), but doesn't list multiple concrete actions in detail—'apply best practices' is somewhat vague, and 'auditing security configuration' is broad. | 2 / 3 |
| Completeness | Clearly answers both 'what' (API key management, webhook signature validation, auditing security config) and 'when' (explicit 'Use when' clause and 'Trigger with phrases' section providing concrete triggers). | 3 / 3 |
| Trigger Term Quality | Includes explicit trigger phrases like 'firecrawl security', 'firecrawl secrets', 'secure firecrawl', 'firecrawl API key security', 'firecrawl webhook signature'—these are natural terms a user would say and cover good variations. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly specific to Firecrawl security concerns—API key management and webhook verification for Firecrawl specifically. Unlikely to conflict with generic security skills or other Firecrawl skills due to the narrow security focus. | 3 / 3 |
| Total | | 11 / 12 (Passed) |

Implementation: 77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a solid, actionable security skill with executable code examples and clear step-by-step workflows. Its main weakness is moderate verbosity — the prerequisites section and some explanatory comments are unnecessary for Claude. The content structure is good but could benefit from splitting detailed code blocks into referenced files.

Suggestions

Remove the Prerequisites section — Claude already understands environment variables and API keys.

Consider moving the webhook verification and content sanitization code into separate referenced files to improve progressive disclosure and reduce the main file length.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is mostly efficient with good code examples, but includes some unnecessary content like the Prerequisites section (Claude knows what env vars are), and the sanitization step feels tangential to the core security topic. The checklist and error table add value but could be tighter. | 2 / 3 |
| Actionability | Fully executable code examples throughout — bash commands, TypeScript with proper imports, curl verification commands. Every step has copy-paste ready code with specific Firecrawl details like the 'fc-' prefix validation and exact header names. | 3 / 3 |
| Workflow Clarity | Steps are clearly sequenced from basic (key storage) to advanced (rotation, sanitization). The key rotation step includes an explicit verification checkpoint (curl test before removing old key). The webhook handler includes clear reject/accept logic. The security checklist serves as a validation summary. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear sections and a checklist, but it's somewhat monolithic — the webhook verification code and sanitization code could be referenced as separate files. The 'Next Steps' reference to 'firecrawl-prod-checklist' is good but the link format is inconsistent with other resources. | 2 / 3 |
| Total | | 10 / 12 (Passed) |

Validation: 81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 (Passed) |

Repository: jeremylongshore/claude-code-plugins-plus-skills (Reviewed)
