credentials
Centralized API key management from Access.txt
40
38%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/credentials/SKILL.mdQuality
Discovery
22%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is too terse and abstract. It names a domain (API key management) and a specific file (Access.txt) but fails to list concrete actions, provide trigger terms users would naturally use, or include any 'Use when...' guidance. It would be difficult for Claude to reliably select this skill from a large pool.
Suggestions
Add concrete actions such as 'Reads, stores, and retrieves API keys from Access.txt for use across tools and integrations.'
Include a 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about API keys, credentials, secrets, tokens, or references Access.txt.'
Add common keyword variations like 'credentials', 'secrets', 'tokens', 'authentication keys' to improve trigger term coverage.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description is vague — 'centralized API key management' names a domain but does not list any concrete actions (e.g., read, store, rotate, validate keys). It is closer to an abstract label than a capability list. | 1 / 3 |
Completeness | The description partially addresses 'what' (API key management) but is very weak on specifics, and there is no 'when' clause or explicit trigger guidance at all. Per the rubric, a missing 'Use when...' clause caps completeness at 2, and the weak 'what' brings it down to 1. | 1 / 3 |
Trigger Term Quality | 'API key' is a natural term users might say, and 'Access.txt' is a specific file reference that could serve as a trigger. However, common variations like 'credentials', 'secrets', 'tokens', or 'authentication' are missing. | 2 / 3 |
Distinctiveness Conflict Risk | The mention of 'Access.txt' as a specific file adds some distinctiveness, but 'API key management' is broad enough to overlap with secrets management, environment variable, or credential-handling skills. | 2 / 3 |
Total | 6 / 12 Passed |
Implementation
55%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill is highly actionable with executable code and a well-structured workflow, but it is far too verbose for its purpose. Dual-language parsing implementations, repeated key pattern information, and inlined service-specific guides bloat the file significantly. The content would benefit greatly from splitting into a concise overview SKILL.md with references to supporting files for parsing code, validation commands, and service guides.
Suggestions
Split parsing code (Python/TypeScript), validation commands, and service-specific guides into separate referenced files to reduce SKILL.md to a concise overview
Remove one of the two language implementations from the main file (or move both to a referenced PARSING.md) since Claude can generate parsers from the regex pattern table alone
Eliminate the Quick Reference section and Prompt Template section, which duplicate information already present in the workflow and are things Claude can generate without instruction
Consolidate the key patterns table and the regex patterns in code — having both is redundant; keep the table and let Claude derive regexes from it
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose at ~250+ lines. Provides both Python and TypeScript parsing implementations (redundant), explains prompt templates Claude can generate on its own, includes service-specific setup guides that are largely common knowledge, and repeats information (e.g., key patterns appear in both the table and the parsing code). The quick reference section largely duplicates earlier content. | 1 / 3 |
Actionability | Highly actionable with executable Python and TypeScript parsing code, concrete curl validation commands for each service, specific regex patterns for key identification, and a clear .env file generation workflow. All code is copy-paste ready. | 3 / 3 |
Workflow Clarity | The 5-step project setup workflow is clearly sequenced with explicit validation (Step 3), error reporting for missing keys (Step 5), and a feedback loop where missing credentials are identified with instructions on how to obtain them. Security rules serve as a validation checklist. | 3 / 3 |
Progressive Disclosure | Monolithic wall of content with no references to external files. The parsing code (both languages), validation commands, service-specific guides, and the key pattern table could all be split into separate reference files. Everything is inlined in a single massive document with no bundle files to support it. | 1 / 3 |
Total | 8 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- alinaqi/claude-bootstrap
- Commit
65efb33
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.