CtrlK
BlogDocsLog inGet started
Tessl Logo

g14wxz/vault-secrets-pattern

Enforces pgsodium Vault for secret storage accessed only via SECURITY DEFINER functions on service_role.

80

Quality

100%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

Quality

Content

100%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is an excellent skill that is lean, fully actionable, and well-structured for a security-sensitive database operation. The phased workflow with explicit HALT conditions and security boundary validation demonstrates best practices. The only minor note is the dollar-quoting in the SQL block appears to use single `$` instead of `$$`, but this is a trivial formatting detail.

DimensionReasoningScore

Conciseness

Every line serves a purpose—no explanations of what pgsodium is, what Vault does conceptually, or how SQL works. The content assumes Claude knows these things and jumps straight to actionable steps.

3 / 3

Actionability

Provides fully executable SQL commands for validation queries, secret insertion, function creation with exact GRANT/REVOKE statements, and verification queries. The SQL block is copy-paste ready and complete.

3 / 3

Workflow Clarity

Five clearly sequenced phases with explicit HALT conditions at validation failures, a security boundary check (Phase 4) that acts as a feedback loop, and a final verification checklist. The anon-access test with 'HALT if succeeds' is an excellent validation checkpoint for a security-sensitive operation.

3 / 3

Progressive Disclosure

This is a focused, single-purpose skill under 80 lines with no need for external references. The content is well-organized into logical phases with clear headers, making navigation straightforward.

3 / 3

Total

12

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that clearly articulates specific capabilities (pgsodium Vault configuration, SECURITY DEFINER function creation), includes natural trigger terms users would use when needing this skill, and provides explicit 'Use when' guidance. It occupies a well-defined niche at the intersection of Supabase, pgsodium, and secret management, making it highly distinguishable from other skills.

DimensionReasoningScore

Specificity

Lists multiple specific concrete actions: configures pgsodium Vault extension, creates SECURITY DEFINER functions assigned to service_role, eliminates hardcoded secrets. These are precise, actionable capabilities.

3 / 3

Completeness

Clearly answers both 'what' (configures pgsodium Vault, creates SECURITY DEFINER functions, eliminates hardcoded secrets) and 'when' with an explicit 'Use when...' clause listing four trigger scenarios.

3 / 3

Trigger Term Quality

Includes strong natural keywords users would say: 'API keys', 'secrets', 'Supabase', 'pgsodium Vault', 'hardcoded credentials', 'Vault references'. Good coverage of both technical terms and common user language like 'storing API keys' and 'managing secrets'.

3 / 3

Distinctiveness Conflict Risk

Highly distinctive with a clear niche: pgsodium Vault in Supabase context, SECURITY DEFINER functions with service_role. The combination of Supabase + pgsodium + Vault is very specific and unlikely to conflict with generic secret management or database skills.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation11 / 11 Passed

Validation for skill structure

No warnings or errors.

Reviewed

Table of Contents

DiscoveryImplementationValidation