Centralized API key management from Access.txt
50
38%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/credentials/SKILL.md
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is too terse and vague to effectively guide skill selection. It names a domain (API key management) and a specific file (Access.txt) but fails to list concrete actions or provide any 'Use when...' trigger guidance. It would be easily confused with other credential or configuration management skills.
Suggestions
Add a 'Use when...' clause specifying triggers, e.g., 'Use when the user needs to retrieve, store, or rotate API keys, or references Access.txt, credentials, or secrets.'
List specific concrete actions the skill performs, e.g., 'Reads, writes, and validates API keys stored in Access.txt. Supports adding new keys, removing expired keys, and looking up keys by service name.'
Include common natural-language trigger terms users might say, such as 'credentials', 'secrets', 'tokens', 'API keys', 'authentication keys', or 'Access.txt'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description is vague — 'centralized API key management' names a domain but does not list any concrete actions (e.g., read keys, rotate keys, validate keys). It is closer to abstract language than actionable specifics. | 1 / 3 |
| Completeness | The description partially addresses 'what' (API key management) but provides no 'when' clause or explicit trigger guidance. Per the rubric, a missing 'Use when...' clause caps completeness at 2, and the 'what' is also weak, so this scores a 1. | 1 / 3 |
| Trigger Term Quality | It includes 'API key' and 'Access.txt' which are somewhat relevant trigger terms a user might mention, but it misses common variations like 'credentials', 'secrets', 'tokens', 'authentication', or 'env variables'. | 2 / 3 |
| Distinctiveness Conflict Risk | The mention of 'Access.txt' as a specific file adds some distinctiveness, but 'API key management' is broad enough to overlap with secrets management, environment configuration, or credential storage skills. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
55%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill is highly actionable with executable code and a clear workflow, but it is far too verbose for its purpose. It includes redundant implementations in two languages, extensive inline reference material (pattern tables, service guides) that should be in separate files, and prompt templates that over-explain what Claude should say. The content would benefit greatly from being split into a concise overview with references to detailed sub-files.
Suggestions
Reduce to one language implementation (or move the second to a separate reference file) and trim the pattern table to just the regex patterns without the full parsing code inline.
Extract the service-specific setup guides, validation commands, and key identification table into separate referenced files (e.g., VALIDATION.md, PATTERNS.md) to improve progressive disclosure.
Remove the prompt templates - Claude doesn't need scripted dialogue; a brief instruction like 'Ask user for credentials file path' suffices.
Consolidate the three supported file format examples into a single brief note that the parser handles colon-separated, key=value, and informal formats.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~250+ lines. It provides both Python and TypeScript parsing implementations (redundant), explains multiple file formats Claude could easily handle, includes a full regex pattern table that could be much more compact, and has service-specific setup guides that add bulk. The prompt templates explaining what Claude should say are also unnecessary padding. | 1 / 3 |
| Actionability | The skill provides fully executable Python and TypeScript code for parsing credentials, concrete curl commands for validation, specific regex patterns for key identification, and step-by-step commands for .env file creation. Everything is copy-paste ready. | 3 / 3 |
| Workflow Clarity | The Project Setup Workflow section has a clear 5-step sequence: ask for file → parse → validate → create .env → report missing keys. It includes explicit validation checkpoints (Step 3) and error recovery (Step 5 for missing keys). The validate-then-proceed pattern is well-defined. | 3 / 3 |
| Progressive Disclosure | Everything is crammed into a single monolithic file with no references to external files. The parsing code, validation commands, service-specific guides, and security rules could all be split into separate referenced documents. The key identification table, both language implementations, and service guides make this a wall of content. | 1 / 3 |
| Total | 8 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
d4ddb03