credentials
Secure credential management for trading platforms
51
40%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./src/skills/bundled/credentials/SKILL.mdQuality
Discovery
22%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is too terse and vague to be effective for skill selection. It fails to specify concrete actions the skill performs and entirely lacks a 'Use when...' clause, making it difficult for Claude to know when to select it over other skills. The trading platform domain provides some distinctiveness, but the description needs significantly more detail.
Suggestions
Add specific concrete actions such as 'Stores, retrieves, rotates, and encrypts API keys and secrets for trading platform integrations'.
Add an explicit 'Use when...' clause, e.g., 'Use when the user needs to manage API keys, tokens, passwords, or authentication credentials for trading platforms like Binance, Coinbase, or brokerage APIs'.
Include natural trigger terms users would say, such as 'API key', 'secret', 'token', 'password', 'authentication', and names of specific trading platforms.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses vague language ('secure credential management') without listing any concrete actions like storing, rotating, encrypting, or retrieving credentials. | 1 / 3 |
Completeness | The description weakly addresses 'what' (credential management) but completely lacks any 'when' clause or explicit trigger guidance for when Claude should select this skill. | 1 / 3 |
Trigger Term Quality | It includes some relevant keywords like 'credential', 'trading platforms', and 'secure', but misses common variations users might say such as 'API keys', 'passwords', 'secrets', 'authentication', or specific platform names. | 2 / 3 |
Distinctiveness Conflict Risk | The combination of 'credential management' and 'trading platforms' narrows the domain somewhat, but 'credential management' alone could overlap with general security or secrets management skills. | 2 / 3 |
Total | 6 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable TypeScript code and clear chat command syntax for credential management across multiple trading platforms. However, it suffers from being a monolithic API reference dump rather than a well-structured skill with progressive disclosure, and lacks an explicit setup workflow with validation checkpoints. Some content like the security features table and best practices section add little value for Claude.
Suggestions
Split into a concise SKILL.md overview with quick-start examples, and move the full API reference to a separate API_REFERENCE.md file
Add an explicit setup workflow: 1. Generate encryption key → 2. Initialize manager → 3. Set credentials → 4. Test connection → 5. Verify with /creds status
Remove the Security Features table and Best Practices section — these are either marketing language or common knowledge that doesn't help Claude execute tasks
Add error handling examples showing what to do when credential setup fails (e.g., invalid key format, connection timeout)
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is mostly efficient with concrete code examples, but includes some unnecessary padding like 'Military-grade encryption at rest' marketing language, the Security Features table with vague descriptions, and the Best Practices section which states things Claude already knows. The supported platforms table is useful but the security table adds little actionable value. | 2 / 3 |
Actionability | The skill provides fully executable TypeScript code for every operation (set, get, delete, test credentials), concrete chat commands with clear syntax, and platform-specific credential schemas. Code examples are copy-paste ready with realistic parameter values. | 3 / 3 |
Workflow Clarity | The chat commands and API methods are clearly organized by operation type, but there's no explicit workflow sequence for the credential setup process (e.g., generate key → configure → set credentials → test → verify). The cooldown management section shows error handling but there's no overall validation workflow or feedback loop for the setup process. | 2 / 3 |
Progressive Disclosure | This is a monolithic file with ~200 lines of inline API reference that could be split into separate files (e.g., chat commands overview in SKILL.md, full API reference in API.md, platform-specific details in PLATFORMS.md). There are no references to external files and everything is dumped into one document. | 1 / 3 |
Total | 8 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- alsk1992/CloddsBot
- Commit
e71a5f6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.