Manage this skill enables AI assistant to seamlessly integrate with various secrets managers like hashicorp vault and aws secrets manager. it generates configurations and setup code, ensuring best practices for secure credential management. use this skill when... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
35
21%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/devops/secrets-manager-integrator/skills/integrating-secrets-managers/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is largely a template with placeholder text that was never properly filled in. The 'Use when' and 'Trigger with' sections are generic boilerplate providing no actionable guidance for skill selection. While it names two specific tools (HashiCorp Vault, AWS Secrets Manager), the rest of the description is vague fluff with no concrete actions or real trigger terms.
Suggestions
Replace the placeholder 'Use when appropriate context detected' with specific trigger scenarios, e.g., 'Use when the user asks about storing secrets, managing API keys, configuring HashiCorp Vault, AWS Secrets Manager, or rotating credentials.'
List concrete actions the skill performs, e.g., 'Generates Vault policy files, creates IAM roles for Secrets Manager access, writes secret retrieval code in Python/Go/Node.js, and configures secret rotation schedules.'
Remove first/second person language ('enables AI assistant') and rewrite in third person, e.g., 'Generates configurations and setup code for secrets management platforms including HashiCorp Vault and AWS Secrets Manager.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description mentions 'hashicorp vault' and 'aws secrets manager' as domain references and vaguely says it 'generates configurations and setup code,' but the actions are not concrete or comprehensive. Phrases like 'seamlessly integrate' and 'ensuring best practices' are vague fluff. | 1 / 3 |
| Completeness | The 'what' is weakly stated with vague language, and the 'when' clause is entirely a placeholder with no real guidance ('Use when appropriate context detected'). This fails to answer either question meaningfully. | 1 / 3 |
| Trigger Term Quality | While 'hashicorp vault' and 'aws secrets manager' are mentioned, the 'Use when' and 'Trigger with' clauses are completely generic placeholders ('appropriate context detected', 'relevant phrases based on skill purpose') that provide zero actual trigger terms a user would say. | 1 / 3 |
| Distinctiveness Conflict Risk | The mention of specific tools like 'hashicorp vault' and 'aws secrets manager' provides some domain specificity, but the overall vagueness of 'secrets managers' and 'secure credential management' could overlap with general security or DevOps skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill covers a broad and important topic but fails to provide the concrete, executable guidance that would make it actionable. It reads more like a high-level checklist or planning document than an operational skill. The complete absence of code snippets, policy examples, or CLI commands is the most critical weakness, especially given that the Output section promises HCL policies, IAM policies, and application code snippets that are never actually demonstrated.
Suggestions
Add concrete, executable code examples for at least 2 providers: e.g., a Vault HCL policy, an AWS IAM policy JSON, and SDK code snippets (Python/Go) for secret retrieval from each platform.
Add explicit validation checkpoints in the workflow, especially before step 8 (removing hardcoded secrets): e.g., 'Verify secret retrieval works: `vault kv get apps/myapp/prod/database` should return the expected value' and 'Test the application with secret manager integration in a staging environment before removing hardcoded secrets.'
Split provider-specific details into separate referenced files (e.g., VAULT.md, AWS_SECRETS.md, GCP_SECRETS.md) to manage the breadth of the topic and improve progressive disclosure.
Replace the prose 'Examples' section with actual input/output examples showing concrete configurations and commands for specific scenarios.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is reasonably organized but includes some unnecessary verbosity, such as the prerequisites section listing things Claude would already know (e.g., 'Network connectivity between application workloads and the secrets manager endpoint') and the Examples section which just lists vague use-case descriptions rather than providing executable examples. The overview also restates what the title already conveys. | 2 / 3 |
| Actionability | Despite covering a complex multi-platform topic, the skill provides zero executable code, no concrete commands, no policy snippets (HCL or JSON), and no SDK code examples. The instructions are entirely abstract descriptions of what to do rather than how to do it. The 'Examples' section contains prose descriptions of scenarios, not actual code or configuration examples. | 1 / 3 |
| Workflow Clarity | The 9-step workflow provides a reasonable sequence for secrets manager integration, and the error handling table is a useful addition. However, there are no validation checkpoints or feedback loops—no step says 'verify the secret is accessible before proceeding' or 'test the rotation before removing hardcoded secrets.' For a destructive operation like removing hardcoded secrets (step 8), this is a significant gap. | 2 / 3 |
| Progressive Disclosure | The content is structured with clear sections (Overview, Prerequisites, Instructions, Output, Error Handling, Examples, Resources), which is good. However, given the breadth of the topic (4 cloud providers, multiple auth methods, multiple integration patterns), this should be split into separate files per provider or pattern. The Resources section links to external docs but there are no bundle files to support progressive disclosure. | 2 / 3 |
| Total | 7 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3a2d27d