CtrlK
BlogDocsLog inGet started
Tessl Logo

auditing-kubernetes-cluster-rbac

Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with executable commands throughout and a clear six-step sequence, but it pads conciseness with concepts Claude already knows, lacks validation checkpoints, and leaves its bundle files orphaned and unlinked. Tightening the Key Concepts table and pointing to the existing reference/script files would raise the score.

Suggestions

Replace or trim the 'Key Concepts' table, which explains RBAC/ClusterRole/Service Account basics Claude already knows, keeping only the non-obvious items like automountServiceAccountToken.

Add a validation/verification step (e.g., cross-check KubiScan and rbac-tool findings, confirm wildcards with kubectl auth can-i) before producing the final report to introduce explicit checkpoints.

Link the orphaned bundle files — point to references/api-reference.md for the Python-client API and scripts/agent.py for automation — so inline scripts can be deferred and progressive disclosure is one level deep.

DimensionReasoningScore

Conciseness

The body is mostly efficient executable commands, but the 'Key Concepts' table explains RBAC, ClusterRole, ClusterRoleBinding, and Service Account — concepts Claude already knows — adding unnecessary tokens, so it sits at 'mostly efficient but could be tightened' rather than fully lean.

2 / 3

Actionability

Every step ships copy-paste-ready, fully executable kubectl one-liners and inline Python scripts with concrete flags and filters, matching the fully-executable anchor.

3 / 3

Workflow Clarity

The six steps are clearly sequenced and labelled, but there are no explicit validation/verification checkpoints or feedback loops for confirming findings before reporting, so it falls to 'sequence present but checkpoints missing'.

2 / 3

Progressive Disclosure

Sections are well-organized, but the provided bundle files references/api-reference.md and scripts/agent.py are never referenced or signaled from the body while equivalent API/script content sits inline, so the disclosure structure is present-but-underused rather than cleanly split.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, tool-named, and well-differentiated, but it omits an explicit 'Use when…' trigger clause, which caps its completeness. Adding a usage-trigger sentence would lift it to a top score.

Suggestions

Append an explicit trigger clause such as 'Use when auditing Kubernetes RBAC for least-privilege violations, privileged-access reviews, or compliance evidence gathering.' to satisfy the completeness 'when' requirement.

Add natural-language user phrasings (e.g., 'who can read secrets', 'cluster-admin review') alongside the technical terms to broaden trigger coverage.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — 'identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths' — matching the score-3 anchor that enumerates specific concrete actions.

3 / 3

Completeness

Clearly answers 'what' the skill does but provides no 'Use when…' clause or equivalent explicit trigger guidance, so per the judging guidelines completeness is capped at 2 rather than reaching the what-AND-when level 3.

2 / 3

Trigger Term Quality

Covers natural terms an auditor would say — 'Kubernetes cluster RBAC', 'overly permissive roles', 'wildcard permissions', 'privilege escalation', plus the named tools (kubectl, rbac-tool, KubiScan, Kubeaudit) — giving good coverage of likely user phrasing.

3 / 3

Distinctiveness Conflict Risk

The narrow Kubernetes-RBAC-auditing niche with named tooling is clearly distinguishable and unlikely to trigger for unrelated skills, matching the clear-niche anchor.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.