
gamma-security-basics

Implement security best practices for Gamma integration. Use when securing API keys, implementing access controls, or auditing Gamma security configuration. Trigger with phrases like "gamma security", "gamma API key security", "gamma secure", "gamma credentials", "gamma access control".

74

Quality: 70% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/saas-packs/gamma-pack/skills/gamma-security-basics/SKILL.md

Quality

Discovery: 89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid description that clearly identifies its niche (Gamma integration security), provides explicit trigger guidance, and includes natural keywords. Its main weakness is that the capability descriptions are somewhat high-level—listing more concrete actions (e.g., 'rotate keys', 'set up role-based access', 'scan for exposed credentials') would strengthen specificity.

Suggestions

Add more concrete, specific actions beyond the general categories—e.g., 'rotate API keys, configure role-based access policies, scan for exposed credentials, set up secret management'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (security for Gamma integration) and some actions (securing API keys, implementing access controls, auditing security configuration), but the actions are somewhat generic and not deeply specific—e.g., it doesn't describe concrete outputs like 'rotate API keys', 'configure RBAC policies', or 'generate audit reports'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (implement security best practices for Gamma integration) and 'when' (explicit 'Use when' clause covering securing API keys, implementing access controls, auditing security config, plus explicit trigger phrases). | 3 / 3 |
| Trigger Term Quality | Includes a good set of natural trigger terms that users would likely say: 'gamma security', 'gamma API key security', 'gamma secure', 'gamma credentials', 'gamma access control'. These cover multiple natural variations a user might use. | 3 / 3 |
| Distinctiveness Conflict Risk | The combination of 'Gamma' (a specific integration) and 'security' creates a clear niche. The trigger terms are all prefixed with 'gamma', making it unlikely to conflict with general security skills or other integration skills. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Implementation: 50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a solid structural overview of security practices for Gamma integration with concrete code examples and a useful checklist. However, it suffers from speculative API patterns that may not reflect actual Gamma SDK capabilities, making actionability uncertain. The content is somewhat verbose for what could be a more concise guide, and the key rotation workflow lacks explicit validation/feedback loops.

Suggestions

Replace speculative Gamma SDK API patterns (interceptors, scopes config) with verified API features or clearly mark them as hypothetical/conditional with 'if supported' qualifiers throughout

Add explicit verification steps after key setup (e.g., 'Test the key works: `curl -H "Authorization: Bearer $GAMMA_API_KEY" https://api.gamma.app/v1/me`') to improve workflow clarity

Move the request signing, audit logging, and access control sections into a separate GAMMA-SECURITY-ADVANCED.md file, keeping SKILL.md focused on the essential key storage and rotation basics

Convert the key rotation pseudocode comments into an actionable numbered checklist with explicit validation at each step

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is reasonably efficient but includes some unnecessary elements like the Prerequisites section (Claude knows what env vars are) and some comments that over-explain obvious patterns. The 'NEVER do this / DO this' pattern is slightly verbose but useful for clarity. | 2 / 3 |
| Actionability | Code examples are concrete and mostly executable, but several rely on speculative/hypothetical Gamma SDK APIs (e.g., `@gamma/sdk`, `interceptors`, `scopes` config) that may not exist. The key rotation function is pseudocode comments rather than executable steps. The request signing section is generic crypto code not tied to actual Gamma API behavior. | 2 / 3 |
| Workflow Clarity | Steps are clearly sequenced and the security checklist provides a good validation checkpoint. However, there are no explicit verification steps between stages (e.g., 'verify your key works before proceeding') and the key rotation workflow is described only as comments inside a function body rather than a validated process with feedback loops. | 2 / 3 |
| Progressive Disclosure | The content is well-structured with clear sections and a checklist, but it's fairly long and monolithic. The error handling table, audit logging, and request signing sections could be split into separate reference files. The 'Next Steps' reference to gamma-prod-checklist is good but the main body tries to cover too much inline. | 2 / 3 |
| Total | | 8 / 12 |

Passed

Validation: 81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 |

Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Reviewed
