Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.
73
59%
Does it follow best practices?
Impact
97%
1.02x
Average score across 3 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/cloud-infrastructure/skills/mtls-configuration/SKILL.md
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid description with a clear 'Use when' clause and distinct trigger terms that carve out a specific niche around mTLS and zero-trust networking. Its main weakness is that the 'what' portion could be more specific about the concrete actions performed (e.g., generating certificates, configuring CAs, rotating keys) rather than just stating 'configure mutual TLS'.
Suggestions
Expand the capability description with more concrete actions, e.g., 'Generate and manage certificates, configure certificate authorities, set up mTLS between services, and rotate keys.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (mTLS, zero-trust, service-to-service communication) and mentions certificate management, but doesn't list multiple concrete actions like 'generate certificates, configure TLS termination, rotate keys, set up certificate authorities'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (configure mutual TLS for zero-trust service-to-service communication) and 'when' (explicit 'Use when' clause covering zero-trust networking, certificate management, or securing internal service communication). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'mTLS', 'mutual TLS', 'zero-trust', 'certificate management', 'service-to-service communication', 'internal service communication'. These cover the main terms a user would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | The focus on mTLS and zero-trust service-to-service communication is a clear niche. Terms like 'mutual TLS', 'mTLS', and 'zero-trust networking' are highly specific and unlikely to conflict with general networking or security skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
29%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides excellent, concrete, copy-paste-ready configuration templates for multiple service mesh platforms, which is its primary strength. However, it is severely bloated with conceptual explanations Claude doesn't need, lacks a coherent implementation workflow with validation checkpoints, and dumps all content inline rather than using progressive disclosure. It reads more like a reference manual than an actionable skill guide.
Suggestions
Add a clear step-by-step implementation workflow (e.g., 1. Choose mesh platform → 2. Deploy CA → 3. Enable PERMISSIVE → 4. Verify with specific command → 5. Switch to STRICT → 6. Validate) with explicit verification checkpoints between stages.
Move the large YAML templates into separate referenced files (e.g., istio-mtls.md, spire-config.md, cert-manager.md) and keep only a concise overview with links in the main skill.
Remove the 'Core Concepts' section (mTLS flow diagram, certificate hierarchy) and 'When to Use This Skill' section — Claude already understands these concepts and the frontmatter covers the use cases.
Remove the 'Resources' section with external links, as these are general references Claude already knows about and they consume tokens without adding actionable guidance.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~300 lines. It includes unnecessary conceptual explanations (mTLS flow diagram, certificate hierarchy) that Claude already knows, a 'When to Use This Skill' section that restates the frontmatter, and extensive templates that could be split into referenced files. The ASCII diagrams and 'Core Concepts' section add significant token cost without teaching Claude anything new. | 1 / 3 |
| Actionability | The templates are fully concrete, copy-paste ready YAML configurations for Istio, Linkerd, cert-manager, and SPIRE. The debugging section provides specific executable commands. All code examples are real and actionable rather than pseudocode. | 3 / 3 |
| Workflow Clarity | There is no clear sequenced workflow for implementing mTLS. The skill presents templates and commands but lacks a step-by-step process with validation checkpoints. For a complex operation like mTLS setup (which involves destructive/security-critical changes), there are no verification steps between stages, no feedback loops for error recovery, and no clear ordering of which templates to apply when. | 1 / 3 |
| Progressive Disclosure | This is a monolithic wall of content with all templates, debugging commands, and configuration examples inline. The five large YAML templates should be in separate referenced files. There's no overview-then-drill-down structure; everything is dumped at the same level with external links only to third-party documentation. | 1 / 3 |
| Total | | 6 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
6e3d68c