Kubernetes Rbac Analyzer - Auto-activating skill for Security Advanced. Triggers on: kubernetes rbac analyzer, kubernetes rbac analyzer. Part of the Security Advanced skill category.
36
Quality: 3%. Does it follow best practices?
Impact: 98% (1.01x). Average score across 3 eval scenarios.
Passed: No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/kubernetes-rbac-analyzer/SKILL.md
Quality
Discovery
7%. Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no substantive content. It repeats the skill name as trigger terms, provides no concrete actions or capabilities, and lacks any 'Use when...' guidance. The only redeeming quality is that 'Kubernetes RBAC' is a specific enough domain to provide minimal distinctiveness.
Suggestions
Add specific actions the analyzer performs, e.g., 'Analyzes Kubernetes RBAC configurations, identifies overly permissive roles, audits ClusterRoleBindings, and detects privilege escalation risks.'
Include a 'Use when...' clause with natural trigger terms: 'Use when reviewing Kubernetes permissions, auditing RBAC policies, checking service account access, or analyzing role bindings.'
Add common user terms and file types: 'RBAC', 'role permissions', 'ClusterRole', 'RoleBinding', 'ServiceAccount', 'k8s security', 'namespace access'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions - only the skill name repeated. It doesn't describe what the analyzer actually does (e.g., 'analyzes RBAC policies', 'identifies permission gaps', 'audits role bindings'). | 1 / 3 |
| Completeness | Neither 'what' nor 'when' is answered. There's no explanation of capabilities and no 'Use when...' clause. The description only states it's part of a category without explaining functionality or triggers. | 1 / 3 |
| Trigger Term Quality | The trigger terms are just the skill name repeated twice ('kubernetes rbac analyzer, kubernetes rbac analyzer'). Missing natural user terms like 'RBAC', 'role permissions', 'cluster access', 'service accounts', 'ClusterRole', 'RoleBinding'. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'Kubernetes RBAC' is fairly specific to a niche domain, which provides some distinctiveness. However, without concrete actions described, it could still conflict with other Kubernetes security tools. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%. Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty template that provides no actual guidance on Kubernetes RBAC analysis. It lacks any concrete commands (kubectl auth can-i, kubectl get roles), analysis techniques, security patterns, or examples of identifying misconfigurations. The content would not help Claude perform any RBAC security analysis tasks.
Suggestions
Add concrete kubectl commands for RBAC auditing (e.g., `kubectl auth can-i --list`, `kubectl get clusterrolebindings -o yaml`)
Include specific examples of dangerous RBAC patterns to detect (e.g., wildcard permissions, cluster-admin bindings to service accounts)
Provide a step-by-step workflow for RBAC analysis: enumerate roles → identify overly permissive bindings → check service account privileges → report findings
Add code examples for parsing RBAC resources and identifying privilege escalation paths
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing specific about Kubernetes RBAC analysis. It describes what the skill does in abstract terms without providing any actual technical content. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance is provided. The content only describes capabilities in vague terms like 'provides step-by-step guidance' without actually providing any steps, RBAC commands, or analysis techniques. | 1 / 3 |
| Workflow Clarity | No workflow is defined. There are no steps for analyzing RBAC configurations, no kubectl commands for auditing permissions, no validation checkpoints for identifying privilege escalation risks or overly permissive roles. | 1 / 3 |
| Progressive Disclosure | The content is a flat, generic template with no structure for actual RBAC analysis content. No references to detailed materials, no organization of topics like role analysis, rolebinding audits, or service account reviews. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%. Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
994edc4