azure-rbac
Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. Also provides guidance on permissions required to grant roles. USE FOR: "what role should I assign", "least privilege role", "RBAC role for", "role to read blobs", "role for managed identity", "custom role definition", "assign role to identity", "what role do I need to grant access", "permissions to assign roles". DO NOT USE FOR: creating or configuring managed identities, or general Azure security hardening; those are out of scope for this role-selection skill.
82
Quality
75%
Does it follow best practices?
Impact
94%
1.06xAverage score across 3 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./.github/plugins/azure-skills/skills/azure-rbac/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides specific capabilities (role selection, CLI/Bicep generation), comprehensive trigger terms that match natural user language, explicit 'USE FOR' and 'DO NOT USE FOR' clauses, and clear boundaries that distinguish it from related Azure skills. The description uses proper third-person voice throughout.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple concrete actions: 'find the right Azure RBAC role', 'generate CLI commands and Bicep code to assign it', 'provides guidance on permissions required to grant roles'. These are specific, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers WHAT (find RBAC roles, generate CLI/Bicep code, guidance on permissions) AND WHEN (explicit 'USE FOR' clause with trigger phrases). Also includes helpful 'DO NOT USE FOR' boundaries. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural user phrases in the USE FOR section: 'what role should I assign', 'least privilege role', 'RBAC role for', 'role to read blobs', 'role for managed identity', 'custom role definition', 'assign role to identity'. These match how users would naturally ask. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with clear Azure RBAC focus. The explicit 'DO NOT USE FOR' clause (managed identity creation, general security hardening) actively prevents conflicts with related Azure skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a reasonable high-level workflow for Azure RBAC role selection and assignment, correctly identifying the relevant tools to use. However, it lacks concrete examples, clear step-by-step formatting, and validation checkpoints that would make it more actionable and reliable for Claude to follow.
Suggestions
Add a numbered step-by-step workflow with clear headers instead of a paragraph format (e.g., '1. Find minimal role', '2. Generate CLI commands', '3. Generate Bicep code')
Include at least one concrete example showing sample tool usage and expected output format for a common scenario like 'grant blob read access'
Add a validation step after role selection to confirm with the user that the identified role matches their needs before generating assignment code
Provide example CLI command and Bicep snippet formats so Claude knows the expected output structure
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is relatively brief but includes some unnecessary phrasing like 'If user is asking about role necessary to set access, refer to Prerequisites for Granting Roles down below' which could be more direct. The prerequisites section is appropriately concise. | 2 / 3 |
Actionability | The skill describes which tools to use and in what order, but lacks concrete examples of tool invocations, expected outputs, or sample scenarios. It tells Claude what to do conceptually but doesn't provide executable patterns or example inputs/outputs. | 2 / 3 |
Workflow Clarity | There's an implicit sequence (find role → generate CLI → generate Bicep), but it's written as a run-on paragraph rather than clear steps. No validation checkpoints are mentioned for verifying the role selection is correct before proceeding to assignment generation. | 2 / 3 |
Progressive Disclosure | The content is short enough that it doesn't need external references, but the structure could be improved. The main workflow and prerequisites section are present but the workflow section lacks clear headers or organization. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.