Kubernetes Rbac Analyzer - Auto-activating skill for Security Advanced. Triggers on: kubernetes rbac analyzer, kubernetes rbac analyzer. Part of the Security Advanced skill category.
36
3%
Does it follow best practices?
Impact
98%
1.01x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/kubernetes-rbac-analyzer/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that provides almost no useful information for skill selection. It names the domain (Kubernetes RBAC) but fails to describe any concrete capabilities, lacks natural trigger terms users would employ, and provides no guidance on when the skill should be activated. It reads like auto-generated boilerplate rather than a crafted description.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Analyzes Kubernetes RBAC configurations to identify overly permissive roles, unused bindings, and privilege escalation paths.'
Add a 'Use when...' clause with natural trigger terms like 'Use when the user asks about Kubernetes RBAC, role bindings, cluster roles, service account permissions, k8s access control, or security auditing of Kubernetes clusters.'
Include common keyword variations users might say: 'RBAC', 'k8s permissions', 'ClusterRole', 'RoleBinding', 'service account privileges', 'least privilege', 'access review'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions whatsoever. It only names the skill ('Kubernetes Rbac Analyzer') and mentions it's part of 'Security Advanced' but never describes what it actually does—no verbs like 'analyzes', 'audits', 'identifies misconfigurations', etc. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no explicit 'Use when...' clause—only a mechanical 'Triggers on' line with the skill name repeated. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'kubernetes rbac analyzer' repeated twice. There are no natural user terms like 'RBAC', 'role bindings', 'cluster roles', 'permissions audit', 'access control', 'k8s security', etc. that a user would naturally say. | 1 / 3 |
| Distinctiveness Conflict Risk | The mention of 'Kubernetes RBAC' does narrow the domain somewhat, which provides some distinctiveness. However, without specific actions or clear triggers, it could still overlap with other Kubernetes security or general security analysis skills. | 2 / 3 |
| Total | 5 / 12 Passed |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty template with no substantive content. It contains only generic boilerplate that repeats the skill name without providing any actual guidance on Kubernetes RBAC analysis — no commands (e.g., kubectl auth can-i), no code, no analysis methodology, no examples of RBAC misconfigurations, and no security-specific workflows.
Suggestions
Add concrete, executable examples such as kubectl commands for auditing RBAC (e.g., `kubectl auth can-i --list --as=system:serviceaccount:default:mysa`), scripts to enumerate ClusterRoleBindings, or tools like `rakkess` or `rbac-lookup`.
Define a clear multi-step workflow for RBAC analysis: enumerate roles/bindings → identify overly permissive rules → flag specific dangerous permissions (e.g., `*` verbs on secrets) → recommend least-privilege alternatives with validation steps.
Remove all boilerplate sections (Purpose, When to Use, Example Triggers, Capabilities) that contain no actionable information and replace with actual RBAC analysis patterns, common misconfigurations, and remediation examples.
Add references to supporting materials such as a checklist of dangerous RBAC permissions, example policy files, or links to detailed guides for specific scenarios (e.g., auditing service accounts, namespace isolation).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is entirely filler and boilerplate. It explains nothing Claude doesn't already know, repeats 'kubernetes rbac analyzer' excessively, and provides zero substantive information about how to actually analyze Kubernetes RBAC. | 1 / 3 |
| Actionability | There are no concrete steps, commands, code examples, or specific guidance. Every section is vague and abstract — 'Provides step-by-step guidance' without actually providing any steps. | 1 / 3 |
| Workflow Clarity | No workflow is defined at all. There are no steps, no sequence, no validation checkpoints — just generic claims about capabilities without any actual process. | 1 / 3 |
| Progressive Disclosure | The content is a flat, monolithic block of generic text with no references to detailed materials, no links to supporting files, and no meaningful structural organization beyond boilerplate headings. | 1 / 3 |
| Total | 4 / 12 Passed |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3076d78