integrating-secrets-managers
Manage this skill enables AI assistant to seamlessly integrate with various secrets managers like hashicorp vault and aws secrets manager. it generates configurations and setup code, ensuring best practices for secure credential management. use this skill when... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
35
21%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/devops/secrets-manager-integrator/skills/integrating-secrets-managers/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description suffers from placeholder boilerplate in its trigger/when clause, making it nearly useless for skill selection. While it names specific tools (HashiCorp Vault, AWS Secrets Manager), the actions are vague and padded with buzzwords like 'seamlessly integrate' and 'ensuring best practices.' The trigger guidance is completely generic template text that provides no actionable selection criteria.
Suggestions
Replace the boilerplate trigger clause ('Use when appropriate context detected...') with specific, natural trigger phrases like 'Use when the user asks about storing secrets, managing API keys, configuring HashiCorp Vault, AWS Secrets Manager, credential rotation, or environment variable management.'
List concrete actions instead of vague claims: e.g., 'Generates Vault policies, creates secrets engine configurations, writes IAM roles for AWS Secrets Manager access, and produces application code for secret retrieval.'
Remove filler phrases like 'seamlessly integrate' and 'ensuring best practices' and replace with specific capabilities that distinguish this skill from general DevOps or cloud configuration skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description mentions 'hashicorp vault' and 'aws secrets manager' as specific tools, and vaguely references 'generates configurations and setup code,' but the actions are not concrete or comprehensive. Phrases like 'seamlessly integrate' and 'ensuring best practices' are vague fluff. Additionally, it uses second/third person inconsistently and includes 'enables AI assistant' which is not proper third-person action voice. | 1 / 3 |
Completeness | The 'what' is vaguely present but weak, and the 'when' clause is entirely placeholder text ('Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.') which provides no actual guidance. This is effectively missing the 'when' entirely. | 1 / 3 |
Trigger Term Quality | While 'hashicorp vault' and 'aws secrets manager' are mentioned, the trigger guidance is completely useless boilerplate: 'Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.' This provides zero natural keywords a user would actually say, such as 'secrets,' 'credentials,' 'vault,' 'environment variables,' 'API keys,' etc. | 1 / 3 |
Distinctiveness Conflict Risk | The mention of specific tools like 'hashicorp vault' and 'aws secrets manager' provides some distinctiveness in the secrets management domain, but the vague language about 'configurations and setup code' could overlap with general infrastructure or DevOps skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
35%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a broad overview of secrets manager integration across multiple platforms but critically lacks any executable code, concrete commands, or configuration examples—making it more of a conceptual checklist than an actionable skill. The workflow is sequenced but missing validation checkpoints for destructive operations like removing hardcoded secrets. The error handling table is a strength, but the skill would benefit enormously from concrete, platform-specific code examples.
Suggestions
Add executable code examples for at least one platform: e.g., a complete Vault policy in HCL, an AWS IAM policy in JSON, and SDK code snippets in Python/Go for secret retrieval.
Add explicit validation checkpoints in the workflow, especially before step 8 (removing hardcoded secrets)—e.g., 'Verify secret retrieval works: `vault kv get apps/myapp/prod/database` should return the expected value.'
Split platform-specific details into separate referenced files (e.g., VAULT.md, AWS_SECRETS.md, GCP_SECRETS.md) and keep SKILL.md as a concise overview with navigation links.
Replace the prose-based Examples section with concrete input/output pairs showing actual commands and expected configurations.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is reasonably structured but includes some unnecessary verbosity, such as the Prerequisites section listing things Claude would already know (e.g., 'Network connectivity between application workloads and the secrets manager endpoint'). The Examples section describes scenarios in prose rather than showing executable examples, adding tokens without much value. | 2 / 3 |
Actionability | Despite covering multiple secrets managers, the skill provides zero executable code, no concrete commands, no policy examples (HCL or JSON), and no SDK snippets. Every instruction is abstract and descriptive ('Generate access policies with least-privilege', 'Implement secret retrieval in the application') rather than providing copy-paste ready configurations or code. | 1 / 3 |
Workflow Clarity | The 9-step workflow provides a reasonable sequence for secrets manager integration, and the error handling table is a useful addition. However, there are no explicit validation checkpoints or feedback loops—steps like 'verify the policy works before proceeding' or 'test secret retrieval before removing hardcoded secrets' are missing, which is critical for operations that remove existing credentials. | 2 / 3 |
Progressive Disclosure | The content is organized into clear sections (Overview, Prerequisites, Instructions, Output, Error Handling, Examples, Resources) with external resource links. However, the skill tries to cover four different secrets managers in one file without splitting platform-specific details into separate referenced files, making it a somewhat monolithic treatment of a broad topic. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
c8a915c
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.