Apply Databricks security best practices for secrets and access control. Use when securing API tokens, implementing least privilege access, or auditing Databricks security configuration. Trigger with phrases like "databricks security", "databricks secrets", "secure databricks", "databricks token security", "databricks scopes".
80
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/databricks-pack/skills/databricks-security-basics/SKILL.md
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description that clearly identifies its niche (Databricks security), provides explicit 'Use when' guidance, and lists natural trigger phrases. Its main weakness is that the capability actions could be more granular and concrete rather than staying at the best-practices level.
Suggestions
Add more specific concrete actions such as 'create and manage secret scopes, rotate API tokens, configure cluster ACLs, set up IP access lists' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (Databricks security) and mentions some actions like 'secrets and access control', 'securing API tokens', 'implementing least privilege access', and 'auditing security configuration', but these are somewhat high-level rather than listing multiple concrete, granular actions (e.g., creating secret scopes, rotating tokens, configuring ACLs). | 2 / 3 |
| Completeness | The description clearly answers both 'what' (apply Databricks security best practices for secrets and access control) and 'when' (securing API tokens, implementing least privilege, auditing security config) with explicit trigger phrases provided. | 3 / 3 |
| Trigger Term Quality | The description explicitly lists natural trigger phrases like 'databricks security', 'databricks secrets', 'secure databricks', 'databricks token security', 'databricks scopes', which are terms users would naturally use. It also includes contextual triggers like 'API tokens' and 'least privilege access'. | 3 / 3 |
| Distinctiveness Conflict Risk | The description is highly specific to Databricks security, secrets, and access control, making it clearly distinguishable from general security skills or other Databricks skills focused on different areas like data engineering or ML workflows. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, highly actionable skill with executable examples across CLI, Python, and SQL. Its main weaknesses are the lack of validation checkpoints in the workflow (especially around token rotation and ACL verification) and the monolithic structure that packs substantial content into a single file without leveraging progressive disclosure. Minor verbosity in comments and supplementary sections could be trimmed.
Suggestions
Add explicit validation steps after critical operations — e.g., verify secret scope creation with `databricks secrets list-scopes`, confirm ACLs with `databricks secrets list-acls`, and validate the new token works before deleting the old one in `rotate_token()`.
Split detailed reference content (token audit code, Unity Catalog grant patterns, column masking/row security SQL) into separate bundle files and reference them from the main SKILL.md to improve progressive disclosure.
Remove or condense the 'Output' section and trim explanatory comments that state what the code already makes obvious (e.g., the REDACTED print explanation).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is mostly efficient with executable examples, but includes some unnecessary elements like the 'Output' section listing expected deliverables, the 'Prerequisites' section stating obvious requirements, and comments that over-explain (e.g., '# Printing shows [REDACTED] — Databricks prevents accidental exposure'). The content is substantial but could be tightened. | 2 / 3 |
| Actionability | Excellent actionability throughout — every step provides fully executable CLI commands, Python code, or SQL statements that are copy-paste ready. The token audit function is complete and runnable, secret scope commands are specific, and Unity Catalog grants show concrete role-based examples. | 3 / 3 |
| Workflow Clarity | Steps are clearly sequenced (1-7) and logically ordered from scope creation through auditing. However, there are no explicit validation checkpoints or feedback loops — for example, after creating secret scopes or setting ACLs, there's no 'verify the scope was created correctly' step, and the token rotation function deletes the old token without confirming the new one was successfully stored. | 2 / 3 |
| Progressive Disclosure | The skill has good section structure and a Resources section with external links, but at ~150+ lines it's a monolithic document that could benefit from splitting detailed content (e.g., token audit code, Unity Catalog grants, column masking) into separate reference files. The 'Next Steps' reference to 'databricks-prod-checklist' is not backed by any bundle file. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3a2d27d