instantly-enterprise-rbac
Configure Instantly.ai workspace access control, team management, and API key governance. Use when managing workspace members, setting up team permissions, or implementing API key governance for multi-user Instantly workspaces. Trigger with phrases like "instantly team", "instantly permissions", "instantly workspace members", "instantly access control", "instantly rbac".
54
62%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/instantly-pack/skills/instantly-enterprise-rbac/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description with strong completeness and distinctiveness. It clearly identifies both what the skill does and when to use it, with explicit trigger phrases. The main area for improvement is specificity — the capabilities listed are somewhat categorical rather than enumerating concrete actions.
Suggestions
Add more specific concrete actions such as 'invite/remove workspace members', 'assign role-based permissions', 'generate/revoke API keys' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (Instantly.ai workspace) and mentions actions like 'access control', 'team management', and 'API key governance', but these are somewhat high-level categories rather than multiple specific concrete actions (e.g., it doesn't list things like 'invite members', 'revoke API keys', 'assign roles'). | 2 / 3 |
Completeness | Clearly answers both 'what' (configure workspace access control, team management, API key governance) and 'when' (explicit 'Use when...' clause with specific scenarios, plus a 'Trigger with phrases like...' section). | 3 / 3 |
Trigger Term Quality | Includes a strong set of natural trigger terms: 'instantly team', 'instantly permissions', 'instantly workspace members', 'instantly access control', 'instantly rbac'. These cover common variations a user would naturally say when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive — scoped specifically to Instantly.ai workspace access control and team management. The combination of 'Instantly.ai' branding with 'workspace members', 'permissions', and 'rbac' makes it very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
35%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill covers a comprehensive set of Instantly.ai RBAC operations but is significantly over-verbose, with repetitive CRUD code patterns that Claude can generate from endpoint specifications alone. The access control matrix and endpoint tables are the most valuable parts. The skill would benefit greatly from trimming the code examples to just the non-obvious patterns and moving detailed examples to bundle files.
Suggestions
Replace most TypeScript code blocks with the endpoint table and access control matrix, keeping code only for non-obvious patterns like the overprivileged key audit logic and tag-based resource isolation.
Add validation/verification steps for destructive operations (member removal, key revocation, ownership transfer) — e.g., 'List members first to confirm target, then remove, then re-list to verify.'
Provide or document the `InstantlyClient` implementation, or switch to standard fetch/curl examples that are truly self-contained and executable.
Move detailed code examples into a bundle file (e.g., `examples.ts`) and reference it from the main skill to improve progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose with extensive code blocks that are largely repetitive CRUD patterns Claude already knows how to write. The TypeScript examples for basic REST API calls (POST, GET, PATCH, DELETE) add little value beyond what the endpoint table already communicates. The content could be reduced by 60-70% without losing actionable information. | 1 / 3 |
Actionability | The code examples are concrete and typed, but they depend on an unspecified `InstantlyClient` import (`./src/instantly/client`) with no definition provided. Types like `Campaign[]` and `Account[]` are referenced but never defined. The API endpoints table is actionable, but the code itself is not truly copy-paste ready without the client implementation. | 2 / 3 |
Workflow Clarity | The steps are numbered and sequenced logically (members → API keys → groups → tags → audit), but there are no validation checkpoints between steps. For destructive operations like revoking API keys, removing members, and transferring workspace ownership, there are no confirmation or verification steps, which should cap this at 2. | 2 / 3 |
Progressive Disclosure | The content is mostly monolithic — all code is inline in a single file when the detailed TypeScript examples could be in separate reference files. The endpoint table and access control matrix are useful inline summaries, but the bulk of the code bloats the main skill file. The reference to `instantly-migration-deep-dive` is good but there are no bundle files to support progressive disclosure. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
a04d1a2
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.