Automate AWS secrets rotation for RDS, API keys, and credentials
41% (Does it follow best practices?)
Impact: No eval scenarios have been run
Advisory: Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-secrets-rotation/SKILL.md
Quality
Discovery
40%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear and distinct domain (AWS secrets rotation) with some specific targets, giving it good distinctiveness. However, it lacks a 'Use when...' clause, which is critical for Claude to know when to select this skill, and the action verbs are limited to just 'automate.' Adding explicit trigger guidance and more concrete actions would significantly improve this description.
Suggestions
- Add a 'Use when...' clause with trigger terms like 'rotate secrets', 'Secrets Manager', 'RDS password rotation', 'credential rotation', 'secret lifecycle management'.
- List more specific concrete actions such as 'configure rotation Lambda functions, set rotation schedules, manage Secrets Manager policies, update RDS credentials automatically'.
- Include additional natural keyword variations users might say, such as 'AWS Secrets Manager', 'rotate password', 'KMS encryption', or 'secret expiration'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (AWS secrets rotation) and lists some specific targets (RDS, API keys, credentials), but doesn't describe concrete actions beyond 'automate rotation' — e.g., it doesn't mention creating rotation lambdas, configuring schedules, updating Secrets Manager policies, etc. | 2 / 3 |
| Completeness | Describes what the skill does (automate AWS secrets rotation) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per the rubric, a missing 'Use when...' clause caps completeness at 2, and since the 'what' is also only moderately detailed, this scores a 1. | 1 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'AWS', 'secrets rotation', 'RDS', 'API keys', and 'credentials', which are terms users might naturally use. However, it misses common variations like 'Secrets Manager', 'rotate password', 'secret lifecycle', 'Lambda rotation function', or 'KMS'. | 2 / 3 |
| Distinctiveness Conflict Risk | The combination of 'AWS secrets rotation', 'RDS', 'API keys', and 'credentials' creates a clear niche that is unlikely to conflict with other skills. This is a well-defined domain with distinct trigger terms. | 3 / 3 |
| Total | 8 / 12 Passed | |
Implementation
42%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable code examples covering a broad range of secrets rotation scenarios, which is its primary strength. However, it is excessively verbose — cramming SDK examples, audit scripts, compliance reports, best practice checklists, and multiple rotation patterns into a single file without progressive disclosure. The workflow for end-to-end setup lacks clear sequencing and validation checkpoints between major steps like IAM configuration, Lambda deployment, and rotation enablement.
Suggestions
- Reduce the SKILL.md to a concise overview (~100 lines) covering secret creation, rotation enablement, and the Lambda rotation pattern, then split SDK integration, audit/compliance scripts, and custom API key rotation into separate referenced files.
- Add an explicit numbered end-to-end workflow for setting up rotation from scratch, including IAM role creation, Lambda deployment, rotation enablement, and verification checkpoints between each step.
- Remove sections Claude already knows or can infer: 'Supported Secret Types' list, 'Example Prompts', 'Kiro CLI Integration', basic SDK retrieval patterns, and the 'Additional Resources' links.
- Add validation/verification steps after Lambda deployment (test invoke) and after enabling rotation (check rotation status, verify secret version stages) to catch configuration errors early.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~350+ lines, including multiple SDK integration examples (Python, Node.js), compliance tracking scripts, audit scripts, and best practice checklists that are largely general knowledge Claude already possesses. The 'Supported Secret Types' list, 'Example Prompts', 'Kiro CLI Integration', and 'Additional Resources' sections add little actionable value. Much of this could be cut by 60%+ without losing essential guidance. | 1 / 3 |
| Actionability | The skill provides fully executable CLI commands, complete Python Lambda rotation functions, bash audit scripts, and SDK integration code that are copy-paste ready. The code examples are concrete with specific AWS CLI flags, proper boto3 usage, and realistic secret structures. | 3 / 3 |
| Workflow Clarity | The Lambda rotation function follows the four-step AWS rotation protocol (createSecret → setSecret → testSecret → finishSecret) which is clear, and the emergency rotation section includes verification. However, the overall setup workflow lacks explicit sequencing — there's no clear numbered workflow tying together secret creation, Lambda deployment, IAM permissions, rotation enablement, and monitoring setup. Validation checkpoints between these major steps are missing. | 2 / 3 |
| Progressive Disclosure | Everything is in a single monolithic file with no content split into supporting files. The compliance report, audit script, SDK integration examples, and custom rotation functions could all be separate referenced files. With no bundle files provided, this is a wall of text that dumps everything at once rather than providing a concise overview with pointers to detailed materials. | 1 / 3 |
| Total | 7 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
8ac11ab