aws-secrets-rotation
Automate AWS secrets rotation for RDS, API keys, and credentials
52
41%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-secrets-rotation/SKILL.mdQuality
Discovery
40%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear and distinct niche (AWS secrets rotation) with some useful trigger terms, but it lacks a 'Use when...' clause and doesn't enumerate specific concrete actions beyond the high-level 'automate rotation'. It would benefit from explicit trigger guidance and more detailed capability listing.
Suggestions
Add a 'Use when...' clause with trigger phrases like 'Use when the user needs to set up or manage secret rotation in AWS Secrets Manager, rotate RDS passwords, or automate API key renewal.'
List more specific actions such as 'configure rotation Lambda functions, set rotation schedules, update IAM policies for rotation, test secret rotation workflows'.
Include additional natural trigger terms like 'Secrets Manager', 'rotate password', 'database credentials', 'secret lifecycle management'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (AWS secrets rotation) and lists some targets (RDS, API keys, credentials), but doesn't describe concrete actions beyond 'automate rotation' — e.g., no mention of creating rotation lambdas, updating policies, configuring schedules, etc. | 2 / 3 |
Completeness | Describes what it does (automate AWS secrets rotation) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per the rubric, a missing 'Use when...' clause caps completeness at 2, and since the 'what' is also only moderately detailed, this scores a 1. | 1 / 3 |
Trigger Term Quality | Includes relevant keywords like 'AWS', 'secrets rotation', 'RDS', 'API keys', and 'credentials', which users might naturally say. However, it misses common variations like 'Secrets Manager', 'rotate password', 'database credentials', 'secret lifecycle', or 'AWS SM'. | 2 / 3 |
Distinctiveness Conflict Risk | The combination of 'AWS secrets rotation' with 'RDS, API keys, and credentials' is a clear, narrow niche that is unlikely to conflict with other skills. It targets a very specific AWS operational task. | 3 / 3 |
Total | 8 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable code and commands for AWS secrets rotation, which is its primary strength. However, it is significantly over-long and verbose, inlining content that should be split across referenced files (Lambda templates, audit scripts, SDK examples). It also includes substantial content Claude already knows (basic SDK patterns, what secret types are) and lacks clear end-to-end workflow sequencing with validation checkpoints for the overall rotation setup process.
Suggestions
Reduce the main SKILL.md to a concise overview (~80-100 lines) covering setup, rotation enablement, and emergency rotation, then move Lambda templates, audit scripts, compliance reports, and SDK integration examples into separate referenced files.
Remove the 'Supported Secret Types' enumeration, 'Example Prompts', 'Kiro CLI Integration', and basic SDK retrieval examples—these are either obvious to Claude or not actionable instructions.
Add an explicit end-to-end workflow with numbered steps and validation checkpoints for setting up rotation from scratch (e.g., 1. Create secret → 2. Deploy Lambda → 3. Configure permissions → 4. Enable rotation → 5. Verify with test rotation → 6. Set up monitoring).
Add error recovery guidance: what to do when rotation fails mid-process, how to roll back to AWSCURRENT, and how to verify application connectivity after rotation.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~350+ lines, including extensive boilerplate Claude already knows (Python/Node.js SDK usage, basic boto3 patterns, what secret types exist). The 'Supported Secret Types' list, 'Example Prompts', 'Kiro CLI Integration', and 'Additional Resources' sections add little actionable value. Application integration examples for Python and Node.js are standard SDK patterns Claude knows well. | 1 / 3 |
Actionability | The skill provides fully executable CLI commands, complete Python Lambda rotation functions, bash audit scripts, and working code examples that are copy-paste ready. Commands include specific flags, ARN formats, and JSON structures. | 3 / 3 |
Workflow Clarity | The Lambda rotation function follows the four-step rotation workflow (createSecret → setSecret → testSecret → finishSecret) with a test/validation step, but the overall setup workflow lacks explicit sequencing and validation checkpoints. There's no clear 'if rotation fails, do X' recovery flow outside the Lambda itself, and the emergency rotation section doesn't include verification that dependent applications still work. | 2 / 3 |
Progressive Disclosure | Everything is inlined in a single monolithic file with no references to separate detailed documents. The compliance report, audit script, application integration examples, and Lambda functions could all be split into referenced files. The document is a wall of code blocks with minimal navigation structure. | 1 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
431bfad
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.