CtrlK
BlogDocsLog inGet started
Tessl Logo

langfuse-enterprise-rbac

Configure Langfuse enterprise organization management and access control. Use when implementing team access controls, configuring organization settings, or setting up role-based permissions for Langfuse projects. Trigger with phrases like "langfuse RBAC", "langfuse teams", "langfuse organization", "langfuse access control", "langfuse permissions".

59

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill is well-structured and covers roles, scoped keys, self-hosting, SSO, and audit logging with genuinely useful configuration snippets. Its weaknesses are illustrative-only TypeScript, missing validation feedback loops around key rotation, and a local reference file that is not surfaced from the body.

Suggestions

Replace the illustrative TypeScript (weak validateApiKeyScope, console.log rotation, monkey-patched audit client) with minimal executable snippets or trim them to concise checklist guidance.

Add an explicit validate-then-proceed loop to key rotation (e.g. 'After deploying new keys, confirm traces are ingesting before revoking the old pair; if ingestion stalls, restore the old key and re-check').

Link the local references/implementation.md from the body (e.g. under a '## Implementation details' section) so the bundle file is discoverable instead of orphaned.

DimensionReasoningScore

Conciseness

The body is mostly efficient with well-chosen env-var configs and tables, but several TypeScript blocks are padded or illustrative (e.g. validateApiKeyScope only does a string-includes check and console.warn; rotateApiKeys is just console.log checklist lines; the audit wrapper monkey-patches a bound method with a commented-out SIEM send).

2 / 3

Actionability

Docker-compose env vars and SAML config blocks are concrete and copy-paste ready, but the TypeScript examples are incomplete/non-executable (mocked imports, commented-out persistence, weak key-scope validation), so guidance is a mix of fully actionable config and illustrative code.

2 / 3

Workflow Clarity

The five numbered steps are clearly sequenced and key rotation includes a verification checklist item, but there are no explicit validate-then-proceed feedback loops for the destructive rotation step, and SSO/self-hosted setup steps lack validation checkpoints, capping this at 2.

2 / 3

Progressive Disclosure

Sections are well organized (Overview, Steps, Checklist, Error Handling, Resources), but the local bundle file references/implementation.md is never linked or signaled from the body — the Resources section points only to external Langfuse URLs — leaving the provided reference orphaned rather than one level deep.

2 / 3

Total

8

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A well-constructed description that uses third-person voice, explicit 'Use when' guidance, and natural trigger phrases. The only soft spot is the opening capability line, which leans on abstract nouns ('management', 'access control') instead of crisp concrete verbs.

Suggestions

Replace the abstract opening ('organization management and access control') with concrete verbs, e.g. 'Configure built-in roles, scope API keys per service, enforce SSO, and audit access changes for Langfuse projects.'

DimensionReasoningScore

Specificity

The description names the Langfuse domain and several actions ('team access controls', 'configuring organization settings', 'role-based permissions'), but the opening phrasing ('organization management and access control') stays somewhat abstract rather than enumerating concrete operations.

2 / 3

Completeness

It clearly answers both what ('Configure Langfuse enterprise organization management and access control') and when ('Use when implementing...', plus an explicit 'Trigger with phrases like' clause), satisfying both halves.

3 / 3

Trigger Term Quality

Explicit trigger phrases like "langfuse RBAC", "langfuse teams", "langfuse organization", "langfuse access control", and "langfuse permissions" are natural terms a user would actually say when needing this skill.

3 / 3

Distinctiveness Conflict Risk

The skill is tightly scoped to Langfuse enterprise RBAC with Langfuse-prefixed triggers, making it unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.