granola-security-basics
tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill granola-security-basicsSecurity best practices for Granola meeting data. Use when implementing security controls, reviewing data handling, or ensuring compliance with security policies. Trigger with phrases like "granola security", "granola privacy", "granola data protection", "secure granola", "granola compliance".
Review Score
66%
Validation Score
12/16
Implementation Score
63%
Activation Score
57%
Generated
Validation
Total
12/16Score
Passed| Criteria | Score |
|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) |
metadata_version | 'metadata' field is not a dictionary |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata |
body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs |
Implementation
Suggestions 3
Score
63%Overall Assessment
This skill provides comprehensive security guidance with good structure through tables, checklists, and clear workflows. However, it's more of a reference document than an actionable skill - it explains policies and settings rather than providing executable automation. The content could be more concise by removing explanations of standard security concepts Claude already understands.
Suggestions
- Add executable scripts or API calls for common security tasks (e.g., bulk deletion, audit log retrieval) rather than just UI navigation paths
- Remove explanations of standard security concepts (TLS, AES-256, GDPR basics) and focus only on Granola-specific implementation details
- Split compliance details (GDPR, HIPAA, SOC 2) and team admin controls into separate reference files, keeping SKILL.md as a concise overview with links
| Dimension | Score | Reasoning |
|---|---|---|
Conciseness | 2/3 | Content is reasonably efficient with good use of tables and checklists, but includes some explanatory content Claude would know (e.g., what TLS 1.3 and AES-256 are, basic GDPR concepts). The data flow diagram and compliance tables add value but could be tighter. |
Actionability | 2/3 | Provides checklists and settings paths which are helpful, but lacks executable code or commands. Instructions like 'Settings > Privacy > Default Sharing' are specific but the markdown checklists are templates rather than actionable automation. No scripts or API calls provided. |
Workflow Clarity | 3/3 | Clear sequential workflows for sensitive meeting handling (pre/during/post), account compromise response, and deletion processes. The incident response section has explicit numbered steps with validation checkpoints. |
Progressive Disclosure | 2/3 | Content is well-organized with clear sections and tables, but it's a monolithic document that could benefit from splitting detailed compliance info and team admin controls into separate reference files. The 'Next Steps' reference to another skill is good, but inline content is heavy. |
Activation
Suggestions 2
Score
57%Overall Assessment
The description has good structural completeness with explicit 'Use when' and 'Trigger with' clauses, but suffers from vague capability descriptions that don't specify what concrete security actions the skill enables. The trigger terms feel manufactured rather than reflecting natural user language, and the actual capabilities remain abstract.
Suggestions
- Replace vague 'security best practices' with specific actions like 'Encrypts meeting transcripts, configures access controls, audits data sharing permissions, implements retention policies'
- Add more natural trigger terms users would actually say, such as 'protect meeting notes', 'who can see my meetings', 'meeting data privacy', or 'secure transcripts'
| Dimension | Score | Reasoning |
|---|---|---|
Specificity | 1/3 | The description uses vague language like 'security best practices', 'implementing security controls', and 'reviewing data handling' without listing any concrete actions. No specific capabilities are enumerated. |
Completeness | 3/3 | Explicitly answers both what ('Security best practices for Granola meeting data') and when ('Use when implementing security controls, reviewing data handling, or ensuring compliance') with explicit trigger guidance. |
Trigger Term Quality | 2/3 | Includes explicit trigger phrases like 'granola security', 'granola privacy', 'granola data protection', but these feel artificial rather than natural user language. Missing common variations users might actually say like 'protect meeting notes' or 'secure my meetings'. |
Distinctiveness Conflict Risk | 2/3 | The 'granola' prefix provides some distinctiveness, but generic terms like 'security controls', 'data handling', and 'compliance' could overlap with general security skills. The niche is somewhat defined but not sharply bounded. |