Apply Groq security best practices for API key management and data protection. Use when securing API keys, implementing least privilege access, or auditing Groq security configuration. Trigger with phrases like "groq security", "groq secrets", "secure groq", "groq API key security".
85
83%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly defines its scope around Groq security best practices and provides explicit trigger guidance. Its main weakness is that the capability actions are somewhat generic security terms rather than highly specific concrete operations. The explicit trigger phrases and clear 'Use when' clause make it effective for skill selection.
Suggestions
Add more specific concrete actions such as 'rotate API keys', 'store secrets in environment variables', 'configure role-based access controls' to increase specificity beyond general security concepts.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (Groq security) and some actions (API key management, data protection, least privilege access, auditing), but the actions are somewhat generic security concepts rather than highly specific concrete operations like 'rotate API keys', 'encrypt secrets in .env files', or 'configure RBAC policies'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (apply Groq security best practices for API key management and data protection) and 'when' (securing API keys, implementing least privilege access, auditing Groq security configuration) with explicit trigger phrases listed. | 3 / 3 |
| Trigger Term Quality | Includes explicit trigger phrases ('groq security', 'groq secrets', 'secure groq', 'groq API key security') and natural keywords like 'API key management', 'least privilege access', and 'auditing Groq security configuration' that users would plausibly say. | 3 / 3 |
| Distinctiveness Conflict Risk | The description is narrowly scoped to Groq-specific security practices, making it clearly distinguishable from general security skills or other API provider skills. The 'Groq' qualifier throughout creates a distinct niche. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable security skill with excellent executable examples covering key management, rotation, leak prevention, and server-side patterns. Its main weakness is length — the prompt injection defense and audit logging sections add significant bulk and are not particularly Groq-specific, making the skill less concise than it could be. Better progressive disclosure (splitting detailed patterns into separate files) would improve both conciseness and organization.
Suggestions
Move the prompt injection defense and audit logging code into separate referenced files (e.g., `groq-security-patterns.md`) to keep the main skill focused on Groq-specific key management
Remove the Prerequisites section — Claude already understands environment variables and secret managers
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is mostly efficient with good code examples, but includes some unnecessary content like the Prerequisites section (Claude knows what env vars and secret managers are), and the prompt injection defense section is somewhat generic/not Groq-specific. The audit logging section is also quite verbose for what it adds. | 2 / 3 |
| Actionability | Excellent executable code throughout — bash commands for key storage across multiple platforms, a working pre-commit hook, complete TypeScript server-side patterns, and concrete curl commands for verification. All examples are copy-paste ready with real commands and realistic code. | 3 / 3 |
| Workflow Clarity | Steps are clearly sequenced from key storage through rotation, leak prevention, usage patterns, and auditing. The key rotation procedure includes explicit verification (curl check for 200), a monitoring period, and a clear sequence. The security checklist at the end serves as a validation checkpoint for the entire workflow. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear headers and a logical flow, but it's quite long (~150 lines of substantive content) with detailed code blocks that could be split into referenced files (e.g., prompt injection defense, audit logging patterns). The reference to 'groq-prod-checklist' at the end is good but the main file tries to cover too much inline. | 2 / 3 |
| Total | 10 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
70e9fa4