cloud-api-integration

Expert skill for integrating cloud AI APIs (Claude, GPT-4, Gemini). Covers secure API key management, prompt injection prevention, rate limiting, cost optimization, and protection against data exfiltration attacks.

Quality

75%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/cloud-api-integration/SKILL.md

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong skill with excellent actionability and workflow clarity. The TDD approach with complete test examples and the phased checklist provide clear guidance. The main weakness is verbosity in introductory sections that explain Claude's capabilities back to itself and restate obvious principles, though the technical content is appropriately dense.

Suggestions

Remove the 'You are an expert' framing and 'You excel at' bullet lists - these describe Claude's role rather than providing actionable guidance

Condense Section 5 'Core Responsibilities' which largely restates security principles already demonstrated in the code examples

Dimension	Reasoning	Score
Conciseness	The skill contains some unnecessary verbosity, particularly in sections like 'Core Responsibilities' and 'Summary' which restate concepts Claude already knows. The 'You are an expert' framing and 'You excel at' lists add tokens without actionable value. However, the code examples are appropriately lean.	2 / 3
Actionability	Excellent executable code throughout - complete pytest fixtures, working client implementations, and copy-paste ready patterns for connection pooling, retry logic, caching, and batching. The code examples are fully functional with proper imports and context.	3 / 3
Workflow Clarity	Clear TDD workflow with explicit steps (write failing test → implement → refactor → verify). The pre-implementation checklist provides explicit validation checkpoints across three phases. Verification commands are concrete (pytest, bandit, mypy).	3 / 3
Progressive Disclosure	Well-structured with clear overview, then detailed patterns, with appropriate references to external files (references/advanced-patterns.md, security-examples.md, threat-model.md). Content is appropriately split - core patterns inline, complete implementations referenced.	3 / 3
	Total	11 / 12 Passed

Description

64%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description excels at specificity and trigger term quality, naming concrete AI platforms and security concerns that developers would naturally mention. However, it critically lacks any explicit 'Use when...' guidance, making it incomplete for Claude's skill selection process. The security-focused AI API integration niche is well-defined and distinctive.

Suggestions

Add a 'Use when...' clause with explicit triggers, e.g., 'Use when integrating AI APIs, setting up Claude/GPT-4/Gemini clients, or when security concerns like API key storage, prompt injection, or rate limiting are mentioned.'

Include common user phrasings like 'calling AI APIs', 'LLM integration', 'OpenAI setup', or 'Anthropic client' to capture more natural trigger variations.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: 'secure API key management, prompt injection prevention, rate limiting, cost optimization, and protection against data exfiltration attacks' - these are concrete, actionable capabilities.	3 / 3
Completeness	While the 'what' is well-covered (integrating cloud AI APIs with specific security concerns), there is no explicit 'Use when...' clause or equivalent trigger guidance. The when is entirely missing, which per rubric guidelines caps this at maximum 2, but since it's completely absent, score is 1.	1 / 3
Trigger Term Quality	Includes natural keywords users would say: 'Claude, GPT-4, Gemini, API, API key, prompt injection, rate limiting, cost optimization' - good coverage of terms developers would naturally use when seeking help with AI API integration.	3 / 3
Distinctiveness Conflict Risk	Clear niche focusing specifically on cloud AI API integration with security concerns. The combination of specific APIs (Claude, GPT-4, Gemini) and security topics (prompt injection, data exfiltration) creates a distinct trigger profile unlikely to conflict with general coding or security skills.	3 / 3
	Total	10 / 12 Passed

Validation

75%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 12 / 16 Passed

Validation for skill structure

Criteria	Description	Result
description_trigger_hint	Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...')	Warning
metadata_version	'metadata' field is not a dictionary	Warning
license_field	'license' field is missing	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	12 / 16 Passed

Repository: martinholovsky/claude-skills-generator
Commit: 1086ef2

Reviewed: 4 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.