fireflies-security-basics

Apply Fireflies.ai security best practices for API keys and webhook verification. Use when securing API keys, verifying webhook signatures, or auditing Fireflies.ai security configuration. Trigger with phrases like "fireflies security", "fireflies secrets", "secure fireflies", "fireflies webhook signature", "fireflies HMAC".

Quality

—

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A dense, actionable security skill with real code and useful tables, but it is held back by a runnable-code bug in the Python example, missing validation checkpoints in the destructive rotation flow, and monolithic inline content that should be split into reference files.

Suggestions

Fix the Python webhook example: add `import os` so `os.environ['FIREFLIES_WEBHOOK_SECRET']` is defined and the block is executable as written (raises actionability).

Add explicit validation checkpoints to sensitive workflows — send a test webhook and confirm a 200 before trusting it, and verify the new key works in production before revoking the old one (raises workflow_clarity).

Move the per-language webhook verification examples into references/webhook-verify-ts.md and references/webhook-verify-python.md, keeping one quick-start example inline, to remove duplication and improve progressive disclosure (also tightens conciseness).

Dimension	Reasoning	Score
Conciseness	Largely lean and code-driven with no concept-explanation padding, but it duplicates webhook verification across TypeScript (Step 2) and Python (Step 4) and restates work in 'Output'/'Next Steps', so it could be tightened.	2 / 3
Actionability	Mostly concrete, copy-paste-ready code and commands, but the Python example uses os.environ['FIREFLIES_WEBHOOK_SECRET'] without importing os, leaving that flagship block incomplete and not runnable as written.	2 / 3
Workflow Clarity	Steps 1–6 are clearly sequenced with an Error Handling table, but the destructive key-rotation flow and webhook setup lack explicit validate-then-proceed checkpoints, capping clarity at 2 per the destructive-operations rule.	2 / 3
Progressive Disclosure	Well-sectioned with a one-level pointer to fireflies-prod-checklist, but at ~189 lines it is monolithic with per-language webhook implementations inline that belong in reference files; no bundle structure exists to split it.	2 / 3
	Total	8 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, third-person description that clearly states capabilities, gives explicit 'Use when' triggers and natural trigger phrases, and occupies a distinct niche. It fully satisfies the what/when requirement with no over-claims or fluff.

Dimension	Reasoning	Score
Specificity	Lists multiple concrete actions — 'securing API keys, verifying webhook signatures, or auditing Fireflies.ai security configuration' — rather than vague language, matching the anchor for multiple specific concrete actions.	3 / 3
Completeness	Explicitly answers both what ('Apply Fireflies.ai security best practices for API keys and webhook verification') and when ('Use when securing API keys, verifying webhook signatures, or auditing...') with explicit trigger phrases.	3 / 3
Trigger Term Quality	Provides natural trigger phrases a user would say — 'fireflies security', 'secure fireflies', 'fireflies webhook signature' — with good coverage of variations; 'fireflies HMAC' is slightly technical but plausible for the developer audience.	3 / 3
Distinctiveness Conflict Risk	A clear Fireflies.ai-specific niche with 'fireflies'-prefixed triggers makes it unlikely to fire for an unrelated skill.	3 / 3
	Total	12 / 12 Passed

Validation

87%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 14 / 16 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	14 / 16 Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 1628598

Reviewed: about 8 hours ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.