arn-infra-secrets

This skill should be used when the user says "manage secrets", "arn infra secrets", "infra secrets", "secrets management", "set up secrets", "configure secrets", "audit secrets", "secrets audit", "rotate secrets", "secret storage", "vault setup", "key management", "credential management", "secrets scan", "check for exposed secrets", "secrets provider", "arn-infra-secrets", "set up secret manager", "configure secret injection", "environment variables", "env vars", "secure env vars", or wants to set up, configure, audit, or manage secrets and credential storage for their infrastructure deployment.

47

Quality: 49% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Risky. Do not use without reviewing

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/arn-infra/skills/arn-infra-secrets/SKILL.md

Quality

Discovery: 37%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is essentially a long list of trigger phrases with no substantive explanation of what the skill actually does. While the trigger term coverage is excellent, the complete absence of concrete capability descriptions makes it impossible for Claude to understand the skill's scope or differentiate it from other infrastructure-related skills. The description needs a clear 'what it does' section listing specific actions.

Suggestions

Add concrete capability descriptions before the trigger terms, e.g., 'Sets up and configures secrets managers (AWS Secrets Manager, HashiCorp Vault), scans codebases for exposed credentials, rotates secrets on schedule, and injects secrets into deployment environments.'

Restructure to follow the pattern: '[What it does]. Use when [trigger conditions].' rather than leading with trigger phrases alone.

Trim the trigger phrase list to the most distinctive terms and consolidate synonyms — the current exhaustive list adds noise without compensating for the missing capability description.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description lists no concrete actions or capabilities. It only provides trigger phrases and a vague closing clause about setting up, configuring, auditing, or managing secrets. There is no explanation of what the skill actually does (e.g., 'creates Vault configurations', 'scans codebases for exposed credentials', 'rotates AWS Secrets Manager keys'). | 1 / 3 |
| Completeness | While the 'when' is thoroughly addressed via the long list of trigger phrases, the 'what does this do' is essentially absent — there is no description of the skill's actual capabilities, outputs, or behaviors. The rubric requires both to be clearly answered; the 'what' is very weak. | 1 / 3 |
| Trigger Term Quality | The description includes an extensive list of natural trigger terms covering many variations a user might say, including 'manage secrets', 'rotate secrets', 'env vars', 'credential management', 'vault setup', 'secrets scan', 'check for exposed secrets', and more. This provides excellent keyword coverage. | 3 / 3 |
| Distinctiveness Conflict Risk | The domain of secrets management is fairly specific, but the description is so broad (covering auditing, scanning, rotation, storage, vault setup, key management, credential management, environment variables) that it could overlap with multiple more specialized skills. Without concrete capability descriptions, it's hard to distinguish from adjacent skills. | 2 / 3 |
| Total | | 7 / 12 (Passed) |

Implementation: 62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured orchestration skill with a clear 6-step workflow, comprehensive error handling, and experience-level-adaptive guidance. Its main weaknesses are verbosity (repeated boilerplate phrases, inline reference content that could be externalized) and limited actionability (high-level guidance rather than executable code snippets for provider setup). The workflow clarity is strong with proper user confirmation gates and audit verification loops.

Suggestions

Add executable code/command examples for at least the most common secrets provider setup (e.g., complete Terraform block for AWS Secrets Manager, full SOPS configuration example) rather than just listing step descriptions.

Extract the provider mapping table and injection configuration details into separate reference files (e.g., `secrets-providers.md`, `secrets-injection.md`) to reduce the main skill's length and improve progressive disclosure.

Remove the repeated 'For beginners, simplify guidance to the most common pattern only. For experts, show all available options with configuration details.' boilerplate — state this once at the top or in a general guidance section.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is fairly long and includes some redundant phrasing (e.g., repeating 'For beginners, simplify guidance to the most common pattern only. For experts, show all available options with configuration details.' three times). The provider mapping tables and injection references are useful but could be tighter. It doesn't over-explain concepts Claude knows, but there's room to trim. | 2 / 3 |
| Actionability | The skill provides structured steps and specific provider mappings (e.g., Terraform data sources, fly.io commands, GitHub Actions secrets), but lacks executable code examples. The IaC references are one-liners without full context, and the secrets provider setup steps are high-level guidance rather than copy-paste ready commands. The agent invocation pattern is well-specified though. | 2 / 3 |
| Workflow Clarity | The 6-step workflow is clearly sequenced with explicit validation checkpoints: scanning before recommending, user confirmation before executing setup, audit verification after configuration, and clear error handling with fallback paths. The feedback loop for audit failures (pass/fail/N/A with remediation) is well-defined, and the error handling section covers edge cases comprehensively. | 3 / 3 |
| Progressive Disclosure | The skill references external files like `secrets-providers.md`, `secrets-audit-checklist.md`, `experience-derivation.md`, and `tooling-manifest.json`, which suggests good structural intent. However, no bundle files were provided to verify these exist, and the main SKILL.md is quite long (~200+ lines) with inline content (provider mapping tables, injection configurations) that could be split into reference files. The references are one-level deep and clearly signaled, which is good. | 2 / 3 |
| Total | | 9 / 12 (Passed) |

Validation: 90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 (Passed) |

Repository: AppsVortex/arness (Reviewed)
