
gamma-security-basics

Implement security best practices for Gamma integration. Use when securing API keys, implementing access controls, or auditing Gamma security configuration. Trigger with phrases like "gamma security", "gamma API key security", "gamma secure", "gamma credentials", "gamma access control".

74

Quality: Does it follow best practices?

Impact: No eval scenarios have been run

Security by Snyk: Passed. No known issues


Quality

Content

87%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A lean, code-first, well-organized body with mostly executable TypeScript examples and clear sequencing. The main weakness is workflow clarity around the destructive key-rotation step, which lacks an explicit validate→fix→retry feedback loop.

Suggestions

Add an explicit validation checkpoint and rollback feedback loop to the key-rotation workflow (e.g., 'verify the new key works end-to-end before revoking the old key; if verification fails, keep the old key and retry'), which would lift workflow_clarity from 2 to 3.

Replace the comment-only rotateApiKey() pseudocode with executable steps (or explicitly justify why it must remain a manual procedure) to remove the actionability blemish.

Trim soft prerequisites ('Understanding of secret management', 'Environment variable support') and the Overview line that restates the description to tighten conciseness further.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The body is code-first and lean, assuming Claude's competence without explaining known concepts (no 'what is an API key/HMAC' padding); every section earns its tokens, matching the 'lean and efficient' anchor despite minor soft prerequisites. | 3 / 3 |
| Actionability | Provides concrete, copy-paste-ready TypeScript across sections — process.env keys, dotenv, crypto.createHmac, timingSafeEqual, scoped keys, audit interceptors — matching the 'fully executable code' anchor; the comment-only rotation function is a minor blemish. | 3 / 3 |
| Workflow Clarity | Steps 1–5 are clearly sequenced and a Security Checklist provides verification, but key rotation is a destructive operation with only an implicit 'Deploy and verify' and no explicit validate→fix→retry feedback loop, which caps the score at 2 per the destructive-operations guideline. | 2 / 3 |
| Progressive Disclosure | No bundle files exist and the skill is self-contained with well-organized sections (Overview, Prerequisites, Steps, Checklist, Error Handling, Resources, Next Steps) and no nested references, satisfying the simple-skills allowance for a score of 3. | 3 / 3 |

Total: 11 / 12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, concise description that names concrete capabilities, provides explicit 'what' and 'when' guidance with a 'Use when' clause, and includes natural gamma-prefixed trigger phrases. It is distinct from other skills and uses appropriate third-person imperative voice.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete actions — 'securing API keys, implementing access controls, or auditing Gamma security configuration' — rather than vague language, matching the 'lists multiple specific concrete actions' anchor. | 3 / 3 |
| Completeness | Explicitly answers both 'what' ('Implement security best practices for Gamma integration') and 'when' ('Use when securing API keys, implementing access controls, or auditing Gamma security configuration') with an explicit 'Use when' clause, so no cap at 2 applies. | 3 / 3 |
| Trigger Term Quality | Provides good coverage of natural trigger phrases a user would say — 'gamma security', 'gamma API key security', 'gamma secure', 'gamma credentials', 'gamma access control' — matching the 'good coverage of natural terms' anchor. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear Gamma-specific niche with all triggers 'gamma'-prefixed, making it unlikely to fire for unrelated skills; matches the 'clear niche with distinct triggers' anchor. | 3 / 3 |

Total: 12 / 12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 14 / 16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed
