cloud-api-integration
Expert skill for integrating cloud AI APIs (Claude, GPT-4, Gemini). Covers secure API key management, prompt injection prevention, rate limiting, cost optimization, and protection against data exfiltration attacks.
79
75%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/cloud-api-integration/SKILL.mdQuality
Discovery
64%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description excels at specificity and trigger term quality, naming concrete AI platforms and security concerns that developers would naturally mention. However, it critically lacks any explicit 'Use when...' guidance, making it incomplete for Claude's skill selection process. The security-focused AI API integration niche is well-defined and distinctive.
Suggestions
Add a 'Use when...' clause with explicit triggers, e.g., 'Use when integrating AI APIs, setting up Claude/GPT-4/Gemini clients, or when security concerns like API key storage, prompt injection, or rate limiting are mentioned.'
Include common user phrasings like 'calling AI APIs', 'LLM integration', 'OpenAI setup', or 'Anthropic client' to capture more natural trigger variations.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'secure API key management, prompt injection prevention, rate limiting, cost optimization, and protection against data exfiltration attacks' - these are concrete, actionable capabilities. | 3 / 3 |
Completeness | While the 'what' is well-covered (integrating cloud AI APIs with specific security concerns), there is no explicit 'Use when...' clause or equivalent trigger guidance. The when is entirely missing, which per rubric guidelines caps this at maximum 2, but since it's completely absent, score is 1. | 1 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'Claude, GPT-4, Gemini, API, API key, prompt injection, rate limiting, cost optimization' - good coverage of terms developers would naturally use when seeking help with AI API integration. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focusing specifically on cloud AI API integration with security concerns. The combination of specific APIs (Claude, GPT-4, Gemini) and security topics (prompt injection, data exfiltration) creates a distinct trigger profile unlikely to conflict with general coding or security skills. | 3 / 3 |
Total | 10 / 12 Passed |
Implementation
85%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong skill with excellent actionability and workflow clarity. The TDD approach with complete test examples and the phased checklist provide clear guidance. The main weakness is verbosity in introductory sections that explain Claude's capabilities back to itself and restate obvious principles, though the technical content is appropriately dense.
Suggestions
Remove the 'You are an expert' framing and 'You excel at' bullet lists - these describe Claude's role rather than providing actionable guidance
Condense Section 5 'Core Responsibilities' which largely restates security principles already demonstrated in the code examples
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill contains some unnecessary verbosity, particularly in sections like 'Core Responsibilities' and 'Summary' which restate concepts Claude already knows. The 'You are an expert' framing and 'You excel at' lists add tokens without actionable value. However, the code examples are appropriately lean. | 2 / 3 |
Actionability | Excellent executable code throughout - complete pytest fixtures, working client implementations, and copy-paste ready patterns for connection pooling, retry logic, caching, and batching. The code examples are fully functional with proper imports and context. | 3 / 3 |
Workflow Clarity | Clear TDD workflow with explicit steps (write failing test → implement → refactor → verify). The pre-implementation checklist provides explicit validation checkpoints across three phases. Verification commands are concrete (pytest, bandit, mypy). | 3 / 3 |
Progressive Disclosure | Well-structured with clear overview, then detailed patterns, with appropriate references to external files (references/advanced-patterns.md, security-examples.md, threat-model.md). Content is appropriately split - core patterns inline, complete implementations referenced. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
75%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 12 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 12 / 16 Passed | |
- Repository
- martinholovsky/claude-skills-generator
- Commit
1086ef2
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.