
configuring-ip-allowlists

Configures and hardens IP allowlists for CockroachDB Cloud clusters to restrict network access to authorized CIDR ranges. Use when tightening network security, removing overly permissive allowlist entries like 0.0.0.0/0, or setting up allowlists for a new cluster.

90

Quality: 88% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the marks. It provides specific concrete actions, includes a well-structured 'Use when' clause with multiple trigger scenarios, uses natural keywords that users would actually say, and is clearly scoped to a distinct niche (CockroachDB Cloud IP allowlists). The description is concise yet comprehensive, and uses proper third-person voice throughout.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: configures IP allowlists, hardens them, restricts network access to authorized CIDR ranges, removes overly permissive entries like 0.0.0.0/0, and sets up allowlists for new clusters. | 3 / 3 |
| Completeness | Clearly answers both 'what' (configures and hardens IP allowlists for CockroachDB Cloud clusters to restrict network access) and 'when' (explicit 'Use when' clause covering tightening network security, removing permissive entries, or setting up allowlists for new clusters). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'IP allowlists', 'CockroachDB Cloud', 'network security', 'CIDR ranges', '0.0.0.0/0', 'allowlist entries', 'network access'. These cover both the product-specific and general networking terms a user would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: CockroachDB Cloud IP allowlists specifically. The combination of product name, feature (IP allowlists), and specific use cases (CIDR ranges, 0.0.0.0/0) makes it very unlikely to conflict with other skills. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, highly actionable skill with excellent workflow clarity and safety considerations for a destructive operation (removing network access). Its main weakness is moderate verbosity — some sections like 'When to Use' and 'Allowlist Limits' could be trimmed, and the example CIDR table, while helpful, adds length. The progressive disclosure is reasonable but hard to fully evaluate without bundle files.

Suggestions

Trim or remove the 'When to Use This Skill' section — the description and context make the use cases self-evident

Move the allowlist limits guidance and the CIDR planning table into a reference file to keep the main skill leaner

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is mostly efficient but includes some unnecessary content. The 'When to Use This Skill' section largely repeats the description, the prerequisites section explains things Claude would know, and the CIDR table with example IPs adds length. The allowlist limits section could be tighter. However, most content is relevant and not egregiously padded. | 2 / 3 |
| Actionability | Every step includes concrete, copy-paste-ready CLI commands with realistic examples. The commands show exact flags (--sql, --ui, --name), positional arguments, and multiple usage patterns. The verification and rollback steps also include executable commands. | 3 / 3 |
| Workflow Clarity | The workflow is clearly sequenced with explicit validation checkpoints: list current entries → identify needed CIDRs → add specific entries → verify connectivity → remove broad entries → verify again. The safety considerations section provides an explicit order of operations with feedback loops, and the rollback section handles error recovery. The emphasis on testing before removing 0.0.0.0/0 is a critical validation checkpoint for this destructive operation. | 3 / 3 |
| Progressive Disclosure | The skill references external files (references/ccloud-commands.md, related skills) which is good structure, but no bundle files were provided to verify these exist. The main content is somewhat long and the allowlist limits section and CIDR table could potentially be in reference files. The references section is well-organized with clear one-level-deep links. | 2 / 3 |
| Total | | 10 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: cockroachlabs/cockroachdb-skills
Reviewed
