
groq-security-basics

Apply Groq security best practices for API key management and data protection. Use when securing API keys, implementing least privilege access, or auditing Groq security configuration. Trigger with phrases like "groq security", "groq secrets", "secure groq", "groq API key security".

71

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Risky

Do not use without reviewing


Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

Highly actionable and well-sequenced content with strong Groq-specific facts and proper validation on the destructive rotation step. Weaker on conciseness and progressive disclosure, where generic patterns and inline multi-topic content could be trimmed or split into reference files.

Suggestions

Trim or move the generic audit-logging interface (Step 6) and prompt-injection sanitize pattern (Step 5) — Claude already knows these — keeping only the Groq-specific application notes to improve conciseness.

Split the broader topics (e.g., server-side usage, audit logging) into one-level-deep reference files under references/ and link them from SKILL.md so the body stays a lean overview, improving progressive disclosure.

Consolidate the Key Security Facts into the relevant steps where they are acted upon, reducing repetition between the facts list and the step instructions.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Mostly efficient with valuable Groq-specific facts (gsk_ prefix, no scoped keys, per-org rate limits), but the generic audit-logging interface (Step 6) and prompt-injection sanitize pattern (Step 5) restate concepts Claude already knows and could be tightened, fitting the level-2 anchor. | 2 / 3 |
| Actionability | Fully executable, copy-paste-ready bash and TypeScript across all six steps — secret-manager commands, a curl rotation verification, a pre-commit hook, and a server-side proxy — matching the level-3 executable anchor. | 3 / 3 |
| Workflow Clarity | Six clearly sequenced steps with an explicit validation checkpoint in the destructive key-rotation flow ('Verify new key works' returning 200, monitor 24h before deleting) plus a closing checklist, matching the level-3 anchor. | 3 / 3 |
| Progressive Disclosure | Sections are well-organized, but the ~120-line body is a single monolithic file covering six distinct topics with no bundle/reference files; content that could be split (audit logging, injection defense) is inline, fitting the level-2 anchor rather than a well-signaled multi-file structure. | 2 / 3 |

Total: 10 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, well-formed description that clearly conveys capability, trigger conditions, and distinctiveness in concise third-person voice. No notable weaknesses to address.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete actions — 'API key management and data protection', 'securing API keys', 'implementing least privilege access', 'auditing Groq security configuration' — matching the multi-action anchor rather than the single-domain level 2. | 3 / 3 |
| Completeness | Explicitly states what it does ('Apply Groq security best practices...') and when to use it ('Use when securing API keys...'), plus explicit trigger phrases — clearly answering both what and when. | 3 / 3 |
| Trigger Term Quality | Four natural Groq-anchored phrases ('groq security', 'groq secrets', 'secure groq', 'groq API key security') give good coverage of terms a user would actually say, matching the level-3 anchor. | 3 / 3 |
| Distinctiveness Conflict Risk | The triggers are all Groq-specific, carving a clear niche unlikely to fire for non-Groq security skills, matching the level-3 distinct-niche anchor. | 3 / 3 |

Total: 12 / 12 Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 14 / 16 Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed
