
granola-security-basics

Security and privacy configuration for Granola meeting data. Use when reviewing data handling practices, configuring encryption, ensuring SOC 2/GDPR compliance, or securing meeting recordings. Trigger: "granola security", "granola privacy", "granola encryption", "granola SOC 2", "granola GDPR", "secure granola".

59

Quality: 70% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/saas-packs/granola-pack/skills/granola-security-basics/SKILL.md

Quality

Discovery

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-structured skill description that clearly identifies its niche (Granola-specific security and privacy configuration) and provides explicit trigger terms. The 'when' clause is well-defined with specific compliance frameworks mentioned. The main weakness is that the capability actions could be more concrete—listing specific outputs or steps rather than broad categories like 'configuring encryption' or 'ensuring compliance'.

Suggestions

Add more specific concrete actions, e.g., 'set up AES-256 encryption for recordings, configure data retention policies, generate compliance audit checklists' to improve specificity.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (security/privacy for Granola meeting data) and some actions (reviewing data handling, configuring encryption, ensuring compliance, securing recordings), but the actions are somewhat generic and not deeply concrete—e.g., 'configuring encryption' and 'ensuring compliance' are broad rather than listing specific steps or outputs. | 2 / 3 |
| Completeness | Clearly answers both 'what' (security and privacy configuration for Granola meeting data) and 'when' (reviewing data handling, configuring encryption, ensuring SOC 2/GDPR compliance, securing recordings) with explicit trigger terms listed. | 3 / 3 |
| Trigger Term Quality | Includes explicit trigger terms like 'granola security', 'granola privacy', 'granola encryption', 'granola SOC 2', 'granola GDPR', and 'secure granola', which are natural phrases a user would say. Good coverage of relevant keyword variations combining the product name with security/compliance concepts. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive due to the combination of 'Granola' (a specific product) with security/privacy/compliance topics. The trigger terms are product-specific and unlikely to conflict with generic security or generic meeting skills. | 3 / 3 |

Total: 11 / 12 (Passed)

Implementation

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a comprehensive overview of Granola's security configuration with useful tables and structured steps, but it reads more like a security reference document than an actionable skill. It lacks validation checkpoints for confirming configurations are applied correctly, and includes informational content (legal jurisdiction summaries, GDPR rights definitions) that Claude already knows. The settings paths appear to be plausible but unverified UI navigation instructions rather than executable commands.

Suggestions

Add validation checkpoints after configuration steps — e.g., 'Verify SSO by logging out and back in via SSO provider' or 'Confirm sharing defaults by checking a test meeting's share dialog'

Remove or drastically shorten the legal jurisdiction explanation and GDPR rights definitions — Claude knows these; instead just state 'Ensure GDPR compliance: configure data export, erasure, and DPA per your jurisdiction'

Split compliance details (GDPR requirements, consent templates) and local cache security into separate referenced files to improve progressive disclosure and reduce the main skill's length

Clarify whether the Settings paths (e.g., 'Settings > Privacy > AI Training') are verified actual UI paths or approximations, and if possible provide API or CLI alternatives for automation

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is reasonably well-structured but includes some unnecessary explanation (e.g., explaining one-party vs two-party consent laws, GDPR rights definitions) that Claude already knows. The data architecture diagram is useful but the surrounding prose could be tighter. Some sections like 'Prerequisites' add little value. | 2 / 3 |
| Actionability | The skill provides specific settings paths (e.g., 'Settings > Privacy') and configuration values, which is helpful. However, these are presented as pseudo-UI paths rather than executable commands or API calls, and it's unclear if these paths are accurate or if Granola even has these exact menu structures. The chmod command and consent notice template are genuinely actionable, but much of the content is informational rather than instructional. | 2 / 3 |
| Workflow Clarity | Steps are numbered and sequenced logically, and the sensitive meeting protocol (Step 6) has a clear before/during/after flow. However, there are no validation checkpoints — no way to verify that settings were applied correctly, no feedback loops for confirming compliance posture, and no verification that SSO or SCIM provisioning is working after configuration. | 2 / 3 |
| Progressive Disclosure | The content is well-organized with clear section headers and tables, and it references external resources and a next-step skill. However, the skill is quite long (~150 lines of substantive content) and could benefit from splitting compliance details, consent guidance, and local cache security into separate referenced files. No bundle files exist to offload detail. | 2 / 3 |

Total: 8 / 12 (Passed)

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 9 / 11 (Passed)

Repository: jeremylongshore/claude-code-plugins-plus-skills (Reviewed)
