CtrlK
BlogDocsLog inGet started
Tessl Logo

integrating-secrets-managers

Manage this skill enables AI assistant to seamlessly integrate with various secrets managers like hashicorp vault and aws secrets manager. it generates configurations and setup code, ensuring best practices for secure credential management. use this skill when... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.

51

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is concise and well-structured with a useful error-handling table, but it stays at an instructional level without executable code or validation checkpoints, and it fails to point Claude at the bundled templates and scripts it ships with.

Suggestions

Add explicit validation/verification checkpoints to the workflow, e.g. "After applying policies, verify access with `vault token capabilities` / `aws secretsmanager get-secret-value` before proceeding."

Link the bundle files from the relevant sections (e.g. "Vault policy template: see assets/vault_config_template.hcl"; "AWS setup: run scripts/aws_secrets_manager_setup.py") so Claude can navigate to them.

Fix aws_secrets_manager_setup.py by moving `import time` to the top of the module so it is actually executable when referenced.

DimensionReasoningScore

Conciseness

The body is lean and assumes Claude's competence: no preamble explaining what a secrets manager is, and every section (Prerequisites, Instructions, Output, Error Handling, Examples, Resources) earns its place without padding.

3 / 3

Actionability

Steps and the error-handling table give concrete guidance (e.g. "apps/myapp/prod/database", "vault kv get"), but the body contains no copy-paste executable code, the bundle's templates and setup script are never surfaced, and the bundled script aws_secrets_manager_setup.py is non-executable (uses time before its local import).

2 / 3

Workflow Clarity

A clear 9-step sequence is present, but destructive/batch operations (removing hardcoded secrets, applying least-privilege policies, rotation) lack any validation or verification checkpoints, capping workflow clarity at 2.

2 / 3

Progressive Disclosure

Sections are well-organized, but the actual bundle files (vault_config_template.hcl, aws_iam_policy_template.json, example_secrets.yaml, aws_secrets_manager_setup.py) are never referenced or signaled from the body, so navigation to the bundled detail is missing.

2 / 3

Total

9

/

12

Passed

Description

50%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description targets a clear domain and lists a couple of concrete actions, but it is marred by a garbled opening, buzzword padding, and a broken placeholder trigger clause that fails to specify when Claude should use it.

Suggestions

Rewrite the opening in clean third person, e.g. "Integrates applications with HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, and Azure Key Vault".

Replace the placeholder trigger clause with explicit "Use when..." guidance listing natural phrases users would say (e.g. "when the user asks to integrate Vault, rotate secrets, or replace hardcoded credentials").

Remove buzzword padding like "seamlessly integrate" and the meta-instruction "Trigger with relevant phrases based on skill purpose".

DimensionReasoningScore

Specificity

Names the domain and concrete actions ("generates configurations and setup code", "best practices for secure credential management"), but the opening "Manage this skill enables AI assistant" is garbled and "seamlessly integrate" is buzzword padding, so it falls short of cleanly listing multiple specific actions.

2 / 3

Completeness

The "what" is present, but the "when" is a placeholder ("use this skill when...") rather than explicit trigger guidance, which caps completeness at 2 per the rubric.

2 / 3

Trigger Term Quality

Real keywords like "hashicorp vault" and "aws secrets manager" appear, but the trigger clause is broken filler ("use this skill when...", "Trigger with relevant phrases based on skill purpose") with no natural phrases a user would actually say.

2 / 3

Distinctiveness Conflict Risk

The secrets-manager niche is reasonably distinct, but the generic broken trigger language ("Use when appropriate context detected") raises overlap/conflict risk versus a clearly niched trigger set.

2 / 3

Total

8

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.