Name: arn-infra-secrets
Rating: 47.2 (1 reviews)
Author: AppsVortex

arn-infra-secrets

This skill should be used when the user says "manage secrets", "arn infra secrets", "infra secrets", "secrets management", "set up secrets", "configure secrets", "audit secrets", "secrets audit", "rotate secrets", "secret storage", "vault setup", "key management", "credential management", "secrets scan", "check for exposed secrets", "secrets provider", "arn-infra-secrets", "set up secret manager", "configure secret injection", "environment variables", "env vars", "secure env vars", or wants to set up, configure, audit, or manage secrets and credential storage for their infrastructure deployment.

Quality

49%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Risky

Do not use without reviewing

Fix and improve this skill with Tessl

tessl review fix ./plugins/arn-infra/skills/arn-infra-secrets/SKILL.md

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured orchestration skill with a clear 6-step workflow, comprehensive error handling, and experience-level-adaptive guidance. Its main weaknesses are verbosity (repeated boilerplate phrases, inline reference content that could be externalized) and limited actionability (high-level guidance rather than executable code snippets for provider setup). The workflow clarity is strong with proper user confirmation gates and audit verification loops.

Suggestions

Add executable code/command examples for at least the most common secrets provider setup (e.g., complete Terraform block for AWS Secrets Manager, full SOPS configuration example) rather than just listing step descriptions.

Extract the provider mapping table and injection configuration details into separate reference files (e.g., `secrets-providers.md`, `secrets-injection.md`) to reduce the main skill's length and improve progressive disclosure.

Remove the repeated 'For beginners, simplify guidance to the most common pattern only. For experts, show all available options with configuration details.' boilerplate — state this once at the top or in a general guidance section.

Dimension	Reasoning	Score
Conciseness	The skill is fairly long and includes some redundant phrasing (e.g., repeating 'For beginners, simplify guidance to the most common pattern only. For experts, show all available options with configuration details.' three times). The provider mapping tables and injection references are useful but could be tighter. It doesn't over-explain concepts Claude knows, but there's room to trim.	2 / 3
Actionability	The skill provides structured steps and specific provider mappings (e.g., Terraform data sources, fly.io commands, GitHub Actions secrets), but lacks executable code examples. The IaC references are one-liners without full context, and the secrets provider setup steps are high-level guidance rather than copy-paste ready commands. The agent invocation pattern is well-specified though.	2 / 3
Workflow Clarity	The 6-step workflow is clearly sequenced with explicit validation checkpoints: scanning before recommending, user confirmation before executing setup, audit verification after configuration, and clear error handling with fallback paths. The feedback loop for audit failures (pass/fail/N/A with remediation) is well-defined, and the error handling section covers edge cases comprehensively.	3 / 3
Progressive Disclosure	The skill references external files like `secrets-providers.md`, `secrets-audit-checklist.md`, `experience-derivation.md`, and `tooling-manifest.json`, which suggests good structural intent. However, no bundle files were provided to verify these exist, and the main SKILL.md is quite long (~200+ lines) with inline content (provider mapping tables, injection configurations) that could be split into reference files. The references are one-level deep and clearly signaled, which is good.	2 / 3
	Total	9 / 12 Passed

Description

37%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is essentially a long list of trigger phrases with no substantive explanation of what the skill actually does. While the trigger term coverage is excellent, the complete absence of concrete capability descriptions makes it impossible for Claude to understand the skill's scope or differentiate it from other infrastructure-related skills. The description needs a clear 'what it does' section listing specific actions.

Suggestions

Add concrete capability descriptions before the trigger terms, e.g., 'Sets up and configures secrets managers (AWS Secrets Manager, HashiCorp Vault), scans codebases for exposed credentials, rotates secrets on schedule, and injects secrets into deployment environments.'

Restructure to follow the pattern: '[What it does]. Use when [trigger conditions].' rather than leading with trigger phrases alone.

Trim the trigger phrase list to the most distinctive terms and consolidate synonyms — the current exhaustive list adds noise without compensating for the missing capability description.

Dimension	Reasoning	Score
Specificity	The description lists no concrete actions or capabilities. It only provides trigger phrases and a vague closing clause about setting up, configuring, auditing, or managing secrets. There is no explanation of what the skill actually does (e.g., 'creates Vault configurations', 'scans codebases for exposed credentials', 'rotates AWS Secrets Manager keys').	1 / 3
Completeness	While the 'when' is thoroughly addressed via the long list of trigger phrases, the 'what does this do' is essentially absent — there is no description of the skill's actual capabilities, outputs, or behaviors. The rubric requires both to be clearly answered; the 'what' is very weak.	1 / 3
Trigger Term Quality	The description includes an extensive list of natural trigger terms covering many variations a user might say, including 'manage secrets', 'rotate secrets', 'env vars', 'credential management', 'vault setup', 'secrets scan', 'check for exposed secrets', and more. This provides excellent keyword coverage.	3 / 3
Distinctiveness Conflict Risk	The domain of secrets management is fairly specific, but the description is so broad (covering auditing, scanning, rotation, storage, vault setup, key management, credential management, environment variables) that it could overlap with multiple more specialized skills. Without concrete capability descriptions, it's hard to distinguish from adjacent skills.	2 / 3
	Total	7 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: AppsVortex/arness
Commit: b9084b6

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.