aws-secrets-rotation
Automate AWS secrets rotation for RDS, API keys, and credentials
52
41%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-secrets-rotation/SKILL.mdQuality
Discovery
40%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear and distinct niche (AWS secrets rotation) with some useful trigger terms, but it lacks a 'Use when...' clause and doesn't enumerate specific concrete actions beyond the high-level 'automate rotation'. It would benefit from explicit trigger guidance and more detailed capability listing.
Suggestions
Add a 'Use when...' clause with trigger phrases like 'Use when the user needs to set up or manage secret rotation in AWS Secrets Manager, rotate RDS passwords, or automate API key renewal.'
List more specific actions such as 'configure rotation Lambda functions, set rotation schedules, update IAM policies for rotation, test secret rotation workflows'.
Include additional natural trigger terms like 'Secrets Manager', 'rotate password', 'database credentials', 'secret lifecycle management'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (AWS secrets rotation) and lists some targets (RDS, API keys, credentials), but doesn't describe concrete actions beyond 'automate rotation' — e.g., no mention of creating rotation lambdas, updating policies, configuring schedules, etc. | 2 / 3 |
Completeness | Describes what it does (automate AWS secrets rotation) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per the rubric, a missing 'Use when...' clause caps completeness at 2, and since the 'what' is also only moderately detailed, this scores a 1. | 1 / 3 |
Trigger Term Quality | Includes relevant keywords like 'AWS', 'secrets rotation', 'RDS', 'API keys', and 'credentials', which users might naturally say. However, it misses common variations like 'Secrets Manager', 'rotate password', 'database credentials', 'secret lifecycle', or 'AWS SM'. | 2 / 3 |
Distinctiveness Conflict Risk | The combination of 'AWS secrets rotation' with 'RDS, API keys, and credentials' is a clear, narrow niche that is unlikely to conflict with other skills. It targets a very specific AWS operational task. | 3 / 3 |
Total | 8 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable code examples covering the full spectrum of AWS secrets rotation, which is its primary strength. However, it is far too verbose and monolithic — it tries to be a comprehensive reference document rather than a focused skill, including SDK examples in multiple languages, compliance scripts, and extensive checklists that bloat the content. The lack of progressive disclosure and clear end-to-end workflow sequencing significantly reduces its effectiveness as a skill file.
Suggestions
Split the content into multiple files: keep SKILL.md as a concise overview with the core rotation setup, and move Lambda templates, SDK integration examples, monitoring/audit scripts, and compliance reporting into separate referenced files.
Remove content Claude already knows: basic boto3/SDK usage patterns, the 'Supported Secret Types' list, and generic best practice checklists add little value and should be cut.
Add a clear numbered end-to-end workflow at the top showing the complete sequence for setting up rotation (create secret → create Lambda → configure rotation → verify → monitor) with explicit validation checkpoints.
Remove the dual-language SDK examples (Python + Node.js) — pick one or move both to a separate INTEGRATION.md file, as application integration is tangential to the rotation skill itself.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~350+ lines, covering secret creation, retrieval, rotation Lambda functions, monitoring, application integration in two languages, compliance tracking, best practice checklists, and example prompts. Much of this is reference documentation Claude already knows (e.g., basic boto3 usage, Node.js SDK patterns, how to create CloudWatch alarms). The supported secret types list and best practices checklists add little actionable value. | 1 / 3 |
Actionability | The skill provides fully executable CLI commands, complete Python Lambda rotation functions, bash audit scripts, and SDK integration examples that are copy-paste ready. The code is concrete with specific AWS CLI flags, proper JSON structures, and real function implementations. | 3 / 3 |
Workflow Clarity | The Lambda rotation function follows the four-step rotation workflow (createSecret → setSecret → testSecret → finishSecret) with a test/validation step, but the overall skill lacks explicit sequencing for the end-to-end setup process. There's no clear 'do step 1, then step 2, validate, then proceed' workflow for setting up rotation from scratch, and error recovery guidance is minimal. | 2 / 3 |
Progressive Disclosure | This is a monolithic wall of content with everything inline — Lambda functions, audit scripts, compliance reports, SDK examples in two languages, monitoring setup, and best practices checklists. None of this is split into referenced files. The Additional Resources section links externally but the internal content desperately needs splitting into separate files (e.g., ROTATION_LAMBDAS.md, MONITORING.md, SDK_EXAMPLES.md). | 1 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
f1697b6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.