api-key-manager
Api Key Manager - Auto-activating skill for Security Fundamentals. Triggers on: api key manager, api key manager Part of the Security Fundamentals skill category.
32
Quality
0%
Does it follow best practices?
Impact
92%
1.08xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/api-key-manager/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no substantive content. It provides only the skill name, a category label, and redundant trigger terms. Claude would have no basis for knowing when to select this skill or what capabilities it offers.
Suggestions
Add specific concrete actions the skill performs (e.g., 'Generates, stores, rotates, and validates API keys. Manages secret storage and access controls.')
Include a 'Use when...' clause with natural trigger terms users would say (e.g., 'Use when the user mentions API keys, secrets, credentials, tokens, or needs to manage authentication keys')
Remove the redundant trigger term and replace with varied natural language terms like 'store secrets', 'rotate keys', 'manage credentials', 'API authentication'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. 'Api Key Manager' is just a name, and 'Auto-activating skill for Security Fundamentals' provides no information about what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no meaningful trigger guidance beyond the redundant skill name. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'api key manager' repeated twice, which is the skill name itself rather than natural user language. Missing terms users would actually say like 'store api key', 'manage secrets', 'rotate credentials', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The description is too vague to be distinctive. 'Security Fundamentals' is generic, and without knowing what the skill actually does, it could conflict with any security-related skill. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty template with no actual content about API key management. It contains only generic boilerplate describing what a skill should do without providing any concrete guidance, code examples, security practices, or actionable instructions. The skill fails to teach Claude anything about API key management.
Suggestions
Add concrete code examples for secure API key storage, rotation, and validation (e.g., using environment variables, secrets managers, or encrypted storage)
Include specific security practices: key rotation schedules, avoiding hardcoded keys, secure transmission, and revocation procedures
Provide a clear workflow for API key lifecycle management: generation → secure storage → usage → rotation → revocation
Add examples of common mistakes to avoid (hardcoded keys, logging keys, insecure storage) with correct alternatives
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing specific about API key management. Phrases like 'provides automated assistance' and 'follows industry best practices' are filler that Claude doesn't need. | 1 / 3 |
Actionability | No concrete code, commands, or specific guidance is provided. The skill describes what it does abstractly ('provides step-by-step guidance') but never actually provides any guidance, examples, or executable instructions for API key management. | 1 / 3 |
Workflow Clarity | No workflow, steps, or process is defined. The content only describes trigger conditions and vague capabilities without any actual sequence of actions for managing API keys securely. | 1 / 3 |
Progressive Disclosure | No structure beyond generic headings. No references to detailed documentation, no examples, and no organization of content by complexity or use case. The content is a shallow placeholder with no depth to disclose. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
994edc4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.