langfuse-enterprise-rbac
Configure Langfuse enterprise organization management and access control. Use when implementing team access controls, configuring organization settings, or setting up role-based permissions for Langfuse projects. Trigger with phrases like "langfuse RBAC", "langfuse teams", "langfuse organization", "langfuse access control", "langfuse permissions".
59
70%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/langfuse-pack/skills/langfuse-enterprise-rbac/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description that clearly identifies its niche (Langfuse enterprise organization/access control), provides explicit 'Use when' guidance, and lists concrete trigger phrases. Its main weakness is that the capability actions could be more specific—listing concrete operations like 'create teams, assign roles, manage project-level permissions' rather than the somewhat abstract 'configure' and 'implement' language.
Suggestions
Replace generic verbs like 'configure' and 'implement' with more concrete actions, e.g., 'Create teams, assign user roles, manage project-level access policies, and configure SSO settings for Langfuse organizations.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (Langfuse enterprise organization management) and some actions (configure, implement access controls, set up role-based permissions), but the actions are somewhat generic and not highly concrete—e.g., it doesn't specify what specific configuration steps or outputs are involved. | 2 / 3 |
Completeness | Clearly answers both 'what' (configure Langfuse enterprise organization management and access control) and 'when' (implementing team access controls, configuring organization settings, setting up role-based permissions) with explicit trigger phrases. | 3 / 3 |
Trigger Term Quality | Includes a well-curated set of natural trigger terms: 'langfuse RBAC', 'langfuse teams', 'langfuse organization', 'langfuse access control', 'langfuse permissions'. These are terms users would naturally use when seeking this functionality. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific product name 'Langfuse' combined with the narrow domain of organization management and RBAC. Very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill covers Langfuse RBAC comprehensively with useful tables and environment variable references, but suffers from verbosity in code examples that are more illustrative than executable. Key areas like SSO setup and API key rotation lack validation checkpoints, and the monolithic structure would benefit from splitting detailed code into separate bundle files. The strongest elements are the roles table, access control checklist, and docker-compose configuration.
Suggestions
Add explicit validation/verification steps after SSO configuration (e.g., 'Test SSO login with a non-admin account before enforcing') and after API key rotation (e.g., 'Verify traces appear in Langfuse dashboard with new keys before revoking old ones').
Replace the pseudo-executable audit logging and key rotation code with either truly executable snippets or concise checklists - the current code looks executable but relies on unverified SDK APIs and patterns.
Split the detailed audit logging code and SSO configuration into separate bundle files, keeping SKILL.md as a concise overview with references to those files.
Remove explanatory comments that Claude can infer (e.g., '// In Langfuse UI: Settings > API Keys > Create') and tighten the API key validation example to something genuinely useful or remove it.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill contains some unnecessary verbosity - the audit logging code is extensive with boilerplate (interface definitions, monkey-patching patterns) that Claude already knows, and the key rotation function is essentially a printed checklist rather than executable code. The roles table and checklist are efficient, but the overall content could be tightened significantly. | 2 / 3 |
Actionability | The docker-compose YAML and environment variables are concrete and usable, but several code blocks are pseudo-executable at best - the rotateApiKeys function just prints a checklist, the validateApiKeyScope does a naive string match, and the audit logging example monkey-patches a client in a pattern that may not match the actual Langfuse SDK API. The SSO setup mixes actionable env vars with vague IdP instructions ('Map IdP groups to Langfuse roles' without showing how). | 2 / 3 |
Workflow Clarity | Steps are numbered and sequenced logically (org structure → API keys → self-hosted config → SSO → audit), but there are no validation checkpoints between steps. For operations like SSO configuration and API key rotation (which can lock users out or break services), there should be explicit verification steps. The key rotation procedure is a checklist but lacks a feedback loop for verifying success before revoking old keys. | 2 / 3 |
Progressive Disclosure | The content is a single monolithic file with no bundle files to offload detailed content. The audit logging code and the detailed SSO configuration could be split into separate reference files. External links to Langfuse docs are provided at the end, but the inline content is heavy enough that it would benefit from being split across files with a leaner overview in SKILL.md. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
23fe3bf
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.