From retellai-pack
Apply Retell AI security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Retell AI security configuration. Trigger with phrases like "retellai security", "retellai secrets", "secure retellai", "retellai API key security".
How this skill is triggered — by the user, by Claude, or both
Slash command
/retellai-pack:retellai-security-basicsThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Security best practices for Retell AI API keys, tokens, and access control.
Security best practices for Retell AI API keys, tokens, and access control.
# .env (NEVER commit to git)
RETELLAI_API_KEY=sk_live_***
RETELLAI_SECRET=***
# .gitignore
.env
.env.local
.env.*.local
set -euo pipefail
# 1. Generate new key in Retell AI dashboard
# 2. Update environment variable
export RETELLAI_API_KEY="new_key_here"
# 3. Verify new key works
curl -H "Authorization: Bearer ${RETELLAI_API_KEY}" \
https://api.retellai.com/health
# 4. Revoke old key in dashboard
| Environment | Recommended Scopes |
|---|---|
| Development | read:* |
| Staging | read:*, write:limited |
| Production | Only required scopes |
| Security Issue | Detection | Mitigation |
|---|---|---|
| Exposed API key | Git scanning | Rotate immediately |
| Excessive scopes | Audit logs | Reduce permissions |
| Missing rotation | Key age check | Schedule rotation |
const clients = {
reader: new RetellAIClient({
apiKey: process.env.RETELLAI_READ_KEY,
}),
writer: new RetellAIClient({
apiKey: process.env.RETELLAI_WRITE_KEY,
}),
};
import crypto from 'crypto';
function verifyWebhookSignature(
payload: string, signature: string, secret: string
): boolean {
const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex');
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
.env files in .gitignoreinterface AuditEntry {
timestamp: Date;
action: string;
userId: string;
resource: string;
result: 'success' | 'failure';
metadata?: Record<string, any>;
}
async function auditLog(entry: Omit<AuditEntry, 'timestamp'>): Promise<void> {
const log: AuditEntry = { ...entry, timestamp: new Date() };
// Log to Retell AI analytics
await retellaiClient.track('audit', log);
// Also log locally for compliance
console.log('[AUDIT]', JSON.stringify(log));
}
// Usage
await auditLog({
action: 'retellai.api.call',
userId: currentUser.id,
resource: '/v1/resource',
result: 'success',
});
For production deployment, see retellai-prod-checklist.
npx claudepluginhub aiminnovations/claude-code-plugins-plus --plugin retellai-packGuides collaborative design exploration before implementation: explores context, asks clarifying questions, proposes approaches, and writes a design doc for user approval.
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
Synthesizes the current conversation into a structured spec (PRD) and publishes it to the project issue tracker with a ready-for-agent label, without interviewing the user.
4plugins reuse this skill
First indexed Jul 11, 2026