fireflies-security-basics

Apply Fireflies.ai security best practices for API keys and webhook verification. Use when securing API keys, verifying webhook signatures, or auditing Fireflies.ai security configuration. Trigger with phrases like "fireflies security", "fireflies secrets", "secure fireflies", "fireflies webhook signature", "fireflies HMAC".

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A dense, actionable security skill with real code and useful tables, but it is held back by a runnable-code bug in the Python example, missing validation checkpoints in the destructive rotation flow, and monolithic inline content that should be split into reference files.

Suggestions

Fix the Python webhook example: add `import os` so `os.environ['FIREFLIES_WEBHOOK_SECRET']` is defined and the block is executable as written (raises actionability).

Add explicit validation checkpoints to sensitive workflows — send a test webhook and confirm a 200 before trusting it, and verify the new key works in production before revoking the old one (raises workflow_clarity).

Move the per-language webhook verification examples into references/webhook-verify-ts.md and references/webhook-verify-python.md, keeping one quick-start example inline, to remove duplication and improve progressive disclosure (also tightens conciseness).

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Largely lean and code-driven with no concept-explanation padding, but it duplicates webhook verification across TypeScript (Step 2) and Python (Step 4) and restates work in 'Output'/'Next Steps', so it could be tightened. | 2 / 3 |
| Actionability | Mostly concrete, copy-paste-ready code and commands, but the Python example uses os.environ['FIREFLIES_WEBHOOK_SECRET'] without importing os, leaving that flagship block incomplete and not runnable as written. | 2 / 3 |
| Workflow Clarity | Steps 1–6 are clearly sequenced with an Error Handling table, but the destructive key-rotation flow and webhook setup lack explicit validate-then-proceed checkpoints, capping clarity at 2 per the destructive-operations rule. | 2 / 3 |
| Progressive Disclosure | Well-sectioned with a one-level pointer to fireflies-prod-checklist, but at ~189 lines it is monolithic with per-language webhook implementations inline that belong in reference files; no bundle structure exists to split it. | 2 / 3 |
| Total | | 8 / 12 |

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, third-person description that clearly states capabilities, gives explicit 'Use when' triggers and natural trigger phrases, and occupies a distinct niche. It fully satisfies the what/when requirement with no over-claims or fluff.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete actions — 'securing API keys, verifying webhook signatures, or auditing Fireflies.ai security configuration' — rather than vague language, matching the anchor for multiple specific concrete actions. | 3 / 3 |
| Completeness | Explicitly answers both what ('Apply Fireflies.ai security best practices for API keys and webhook verification') and when ('Use when securing API keys, verifying webhook signatures, or auditing...') with explicit trigger phrases. | 3 / 3 |
| Trigger Term Quality | Provides natural trigger phrases a user would say — 'fireflies security', 'secure fireflies', 'fireflies webhook signature' — with good coverage of variations; 'fireflies HMAC' is slightly technical but plausible for the developer audience. | 3 / 3 |
| Distinctiveness Conflict Risk | A clear Fireflies.ai-specific niche with 'fireflies'-prefixed triggers makes it unlikely to fire for an unrelated skill. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 14 / 16 |

Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Reviewed
