key-rotation-manager
Key Rotation Manager - Auto-activating skill for Security Advanced. Triggers on: key rotation manager, key rotation manager Part of the Security Advanced skill category.
32
0%
Does it follow best practices?
Impact
92%
0.97xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/key-rotation-manager/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an extremely weak skill description that essentially only provides a name and category label without any substantive content. It lacks concrete actions, natural trigger terms, explicit usage guidance, and distinguishing details. It would be nearly impossible for Claude to correctly select this skill from a pool of available skills.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Rotates API keys, encryption keys, and service account credentials. Manages key expiration schedules, generates new keys, and updates dependent configurations.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about rotating keys, expiring credentials, regenerating API tokens, updating secrets, or managing key lifecycles.'
Diversify trigger terms to include natural variations users would say: 'rotate keys', 'API key expiration', 'regenerate credentials', 'secret rotation', 'key management', 'update encryption keys'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. It only states the skill name 'Key Rotation Manager' and that it's part of 'Security Advanced' but never describes what it actually does (e.g., rotate API keys, update credentials, manage encryption keys). | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no explicit 'Use when...' clause or equivalent trigger guidance. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'key rotation manager' repeated twice. These are not natural terms users would say — users are more likely to say 'rotate my API keys', 'update credentials', 'expire old keys', 'regenerate secrets', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The description is too vague to be distinctive. 'Security Advanced' is generic, and without specifying what kind of keys, what rotation means in practice, or what systems are involved, it could easily conflict with other security-related skills. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no actual content. It consists entirely of boilerplate meta-descriptions about what the skill would do, without providing any actionable guidance, code, commands, or concrete information about key rotation. It fails on every dimension of the rubric.
Suggestions
Add concrete, executable code examples for key rotation (e.g., rotating AWS KMS keys, rotating API keys, rotating database credentials) with specific CLI commands or SDK calls.
Define a clear multi-step workflow for key rotation including validation steps, such as: generate new key → update dependent services → verify functionality → deactivate old key → delete old key after grace period.
Remove all meta-description sections ('Purpose', 'When to Use', 'Example Triggers') and replace with actual technical content covering specific rotation patterns, schedules, and rollback procedures.
Add references to detailed guides for specific platforms or compliance frameworks (e.g., SOC2 key rotation requirements, GDPR encryption key management) as separate linked files.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler with no substantive information. It explains what the skill does in abstract terms without providing any actual guidance, commands, or code. Every section restates the same vague concept. | 1 / 3 |
Actionability | There is zero concrete, executable guidance. No code, no commands, no specific steps, no configuration examples. The content only describes what it claims to do without actually doing any of it. | 1 / 3 |
Workflow Clarity | No workflow is defined at all. There are no steps, no sequence, no validation checkpoints. The skill mentions 'step-by-step guidance' but provides none. | 1 / 3 |
Progressive Disclosure | No meaningful structure or references to detailed materials. The sections are superficial headers with no real content beneath them, and there are no links to deeper resources or examples. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3076d78
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.