CtrlK
BlogDocsLog inGet started
Tessl Logo

databricks-security-basics

Apply Databricks security best practices for secrets and access control. Use when securing API tokens, implementing least privilege access, or auditing Databricks security configuration. Trigger with phrases like "databricks security", "databricks secrets", "secure databricks", "databricks token security", "databricks scopes".

67

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with executable CLI, SDK, and SQL examples across seven sequenced steps, but it leans long and lacks validation checkpoints around the destructive token-rotation step. Progressive disclosure is adequate but the dangling `databricks-prod-checklist` reference has no corresponding bundle file.

Suggestions

Add a validation checkpoint before deleting the old PAT in `rotate_token` (e.g., verify the new token authenticates before `w.tokens.delete`), since rotation is a destructive batch operation.

Tighten or relocate the DEPRECATED banner and Overview prose to reduce token spend on context Claude can infer; keep the code blocks which earn their place.

Resolve the `databricks-prod-checklist` reference — either create the referenced bundle/skill file or remove the dangling pointer so navigation is unambiguous.

DimensionReasoningScore

Conciseness

The body is code-dense and largely lean, but the DEPRECATED banner, the Overview restating API details, and inline explanatory comments ('Printing shows [REDACTED] — Databricks prevents accidental exposure') could be trimmed. Not a 3 because some tokens are spent on context Claude can infer; not a 1 because there is no concept padding.

2 / 3

Actionability

Every step provides copy-paste-ready executable bash (`databricks secrets ...`), Python (`WorkspaceClient` token audit/rotation), and SQL (Unity Catalog grants, masking, audit queries) — fully concrete and runnable.

3 / 3

Workflow Clarity

Steps 1-7 are clearly sequenced with a checklist and error-handling table, but the destructive token rotation (Step 4) deletes the old token without a validation checkpoint confirming the new token works first, capping the score at 2 per the destructive-operation guideline.

2 / 3

Progressive Disclosure

Sections are well-organized, but the body is a monolithic ~220-line single file with no bundle files present, and it dangles an unsignaled reference to `databricks-prod-checklist` that is not a real bundle file — structure exists but navigation/splitting could be clearer.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, complete, and well-triggered with concrete actions and natural phrases in third person. It clearly answers both what the skill does and when to invoke it.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'securing API tokens, implementing least privilege access, or auditing Databricks security configuration' plus 'secrets and access control' — matching the multi-action anchor.

3 / 3

Completeness

Explicitly answers both what ('Apply Databricks security best practices for secrets and access control') and when ('Use when securing API tokens... auditing Databricks security configuration') with explicit triggers, satisfying the top anchor.

3 / 3

Trigger Term Quality

Provides natural trigger phrases a user would actually say ('databricks security', 'databricks secrets', 'secure databricks', 'databricks token security', 'databricks scopes') with good variation coverage.

3 / 3

Distinctiveness Conflict Risk

The 'Databricks'-prefixed triggers carve a clear niche unlikely to collide with other skills, and the security/secrets scope is distinct from general Databricks or data skills.

3 / 3

Total

12

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.