Detect and redact secrets in text — API keys, tokens, credentials
91
90%
Does it follow best practices?
Impact
100%
1.33x
Average score across 2 eval scenarios
Passed
No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines what the skill does (detect and redact secrets), when to use it (sharing logs/snippets/pastes with potential secrets), and provides comprehensive trigger terms covering many common secret types. It uses proper third-person voice and follows the recommended 'Use when...' pattern effectively.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists specific concrete actions ('detect and redact secrets') and enumerates multiple specific types of secrets: API keys, OAuth tokens, JWTs, AWS credentials, GitHub tokens, Slack tokens, database connection strings, and private keys. | 3 / 3 |
| Completeness | Clearly answers both 'what' (detect and redact secrets in text) and 'when' (explicit 'Use when' clause specifying sharing logs, snippets, or pastes that may contain various secret types). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'logs', 'snippets', 'pastes', 'API keys', 'OAuth tokens', 'JWTs', 'AWS credentials', 'GitHub tokens', 'Slack tokens', 'database connection strings', 'private keys', 'secrets', 'redact'. These are all terms a user would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Very clear niche focused on secret detection and redaction with highly specific trigger terms like 'redact secrets', 'API keys', 'JWTs', 'AWS credentials'. Unlikely to conflict with other skills given the narrow, well-defined domain. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable skill with excellent examples and clear workflow. Its main weakness is length — the comprehensive vendor prefix catalog and contextual cues, while valuable, make the file long enough that progressive disclosure into a reference file would improve token efficiency. The common mistakes section, while useful, includes some guidance Claude would likely infer on its own.
Suggestions
- Move the detailed vendor prefix list and contextual cues into a separate PATTERNS.md reference file, keeping only the most common patterns inline
- Trim the 'Common mistakes to avoid' section to 2-3 items, removing points Claude would naturally infer (e.g., don't reconstruct secrets, don't remove lines silently)
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is thorough and mostly well-organized, but it's quite long (~150 lines) with some sections that could be tightened. The extensive enumeration of vendor prefixes and contextual cues is valuable reference material, but the 'Common mistakes to avoid' section explains things Claude would likely already understand (e.g., don't reconstruct secrets). Some bullet points could be condensed. | 2 / 3 |
| Actionability | The skill provides highly concrete, actionable guidance: specific regex-like patterns for detection, exact redaction formats with prefix preservation rules, and three complete input/output examples covering env files, HTTP logs, and JWT cookies. Every instruction is specific enough to execute directly. | 3 / 3 |
| Workflow Clarity | The workflow is clear and well-sequenced: scan for secrets → classify them → redact in-place using specific placeholder formats → handle ambiguous cases with trailing comments. The skill covers edge cases (none found, unsure, code blocks vs prose) and includes explicit error-handling guidance (ambiguous strings get redacted with a note). For this type of single-pass task, the workflow is unambiguous. | 3 / 3 |
| Progressive Disclosure | The content is a single monolithic file with no references to supporting documents. While the sections are well-organized with clear headers, the extensive vendor prefix list and contextual cues section could be split into a reference file. For a skill of this length (~150 lines), some progressive disclosure into supplementary files would improve scannability. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
Reviewed