k8s-security-policies

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

1.21x

Quality

68%

Does it follow best practices?

Impact

95%

1.21x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/kubernetes-operations/skills/k8s-security-policies/SKILL.md

Quality

Content

37%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides excellent, executable YAML examples covering a broad range of Kubernetes security topics, making it highly actionable. However, it is excessively verbose with redundant examples and generic knowledge Claude already possesses, and critically lacks any sequenced workflow or validation steps for implementing these security policies safely. The content reads as a reference catalog rather than an actionable skill guide.

Suggestions

Add a clear implementation workflow with sequenced steps and validation checkpoints, e.g.: '1. Apply default-deny NetworkPolicy → 2. Verify with `kubectl exec` that traffic is blocked → 3. Add allow rules → 4. Verify specific traffic flows work'

Consolidate the three nearly-identical Pod Security Standards examples into a single parameterized example with a table showing the three levels (privileged/baseline/restricted)

Remove the Compliance Frameworks and Best Practices sections—these are generic Kubernetes security knowledge that Claude already knows and don't provide actionable guidance

Move OPA Gatekeeper and Istio sections to separate reference files and keep SKILL.md as a focused overview with links, matching the progressive disclosure pattern already started with the Reference Files section

Dimension	Reasoning	Score
Conciseness	The skill is extremely verbose at ~300 lines, with significant redundancy. The three Pod Security Standards examples are nearly identical (differing only in one label value). The compliance frameworks section lists generic security advice Claude already knows. The 'When to Use This Skill' and 'Purpose' sections are redundant. Best practices are generic Kubernetes security knowledge that doesn't need restating.	1 / 3
Actionability	The skill provides fully executable, copy-paste ready YAML manifests for every concept covered—NetworkPolicy, RBAC, Pod Security Context, OPA Gatekeeper, and Istio policies. The troubleshooting section includes concrete kubectl commands. All examples are complete and deployable.	3 / 3
Workflow Clarity	There is no sequenced workflow for implementing security policies. The content is a reference catalog of YAML snippets without any ordering, validation checkpoints, or feedback loops. For security-critical operations like applying NetworkPolicies or RBAC changes, there are no verification steps (e.g., 'apply default-deny first, then verify connectivity is blocked, then add allow rules'). Missing validation for destructive/security operations caps this at 1.	1 / 3
Progressive Disclosure	The skill references external files (assets/network-policy-template.yaml, references/rbac-patterns.md) and related skills, which is good structure. However, no bundle files exist to support these references, and the main file itself is a monolithic wall of YAML that should have been split—the OPA Gatekeeper and Istio sections could easily be separate reference files, keeping the SKILL.md as a concise overview.	2 / 3
	Total	7 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly identifies specific Kubernetes security capabilities, includes natural trigger terms users would use, and provides an explicit 'Use when' clause. It is well-scoped to a distinct domain (Kubernetes security policies) with concrete resource types named, making it easy to distinguish from other skills.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: implementing NetworkPolicy, PodSecurityPolicy, and RBAC. These are distinct, well-defined Kubernetes security mechanisms rather than vague abstractions.	3 / 3
Completeness	Clearly answers both 'what' (implement NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security) and 'when' (explicit 'Use when' clause covering securing clusters, implementing network isolation, or enforcing pod security standards).	3 / 3
Trigger Term Quality	Includes strong natural keywords users would say: 'Kubernetes', 'security policies', 'NetworkPolicy', 'PodSecurityPolicy', 'RBAC', 'network isolation', 'pod security standards', 'securing Kubernetes clusters'. Good coverage of both specific resource names and general intent terms.	3 / 3
Distinctiveness Conflict Risk	Highly specific niche focused on Kubernetes security policies with distinct trigger terms like NetworkPolicy, PodSecurityPolicy, and RBAC. Unlikely to conflict with general Kubernetes deployment skills or generic security skills.	3 / 3
	Total	12 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: Dicklesworthstone/pi_agent_rust
Commit: bbc5ade

Reviewed: 4 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.