CtrlK
BlogDocsLog inGet started
Tessl Logo

k8s-security-policies

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

83

1.04x
Quality

Does it follow best practices?

Impact

98%

1.04x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A thorough, highly actionable catalog of production-grade Kubernetes security manifests with copy-paste-ready YAML. Its weaknesses are token efficiency (repeated/conceptual sections) and the lack of an explicit apply-and-verify workflow, plus only partial offloading of detail into the available reference files.

Suggestions

Trim restated or conceptual sections (Purpose, When to Use, Best Practices, CIS/NIST Compliance Frameworks) to high-value specifics Claude doesn't already know, or move them into a reference file.

Add a short sequenced 'Apply & verify' workflow with validation checkpoints (e.g., apply default-deny, then allow-rules, then `kubectl get networkpolicy` / `kubectl auth can-i` to confirm effect) instead of leaving verification only in Troubleshooting.

Move the heavier inline sections (OPA Gatekeeper, Istio service mesh, Compliance Frameworks) into reference files like the existing rbac-patterns.md and network-policy-template.yaml, keeping SKILL.md as a lean overview with one-level-deep links.

DimensionReasoningScore

Conciseness

The YAML manifests are lean and earn their tokens, but several sections restate known concepts—the 'Purpose' and 'When to Use' sections repeat the description, and 'Best Practices', 'Compliance Frameworks' (CIS/NIST), and generic 'Troubleshooting' list high-level guidance Claude already knows; fitting 'mostly efficient but includes some unnecessary explanation or could be tightened' rather than the every-token-earns-its-place bar of a 3.

2 / 3

Actionability

Provides complete, valid, copy-paste-ready YAML manifests (NetworkPolicy, RBAC, Pod securityContext, OPA Gatekeeper, Istio) and executable kubectl diagnostic commands, matching 'fully executable code/commands; specific examples; copy-paste ready'; not a 2 because the examples are complete rather than pseudocode.

3 / 3

Workflow Clarity

The body is organized as a topic catalog rather than a sequenced process; the numbered 'Best Practices' is advisory, and there are no explicit apply/verify checkpoints (e.g., confirming a NetworkPolicy took effect) beyond an ad-hoc troubleshooting mention, fitting 'steps listed but validation gaps; checkpoints missing or implicit'; not a 1 because content is structured and diagnostic commands exist.

2 / 3

Progressive Disclosure

Two real, one-level-deep, clearly signaled references exist ('assets/network-policy-template.yaml', 'references/rbac-patterns.md', both verified present), but most detail—OPA Gatekeeper, Istio service mesh, Compliance Frameworks—remains inline in a ~340-line monolithic SKILL.md rather than being split out, fitting 'content that should be separate is inline'; not a 3 because the split is not thorough, not a 1 because references are real and not deeply nested.

2 / 3

Total

9

/

12

Passed

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, specific description that names concrete capabilities and provides an explicit 'Use when' trigger clause with a well-defined niche. Its only weakness is trigger-term phrasing, which leans formal and omits some natural variations users might say.

DimensionReasoningScore

Specificity

Lists multiple concrete actions—'NetworkPolicy, PodSecurityPolicy, and RBAC'—rather than vague language, matching the 'lists multiple specific concrete actions' anchor; not a 2 because it goes beyond naming only 'some actions'.

3 / 3

Completeness

Explicitly states what ('Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC') and when via an explicit 'Use when' clause, satisfying the 'clearly answers both what AND when with explicit triggers' anchor; not a 2 because the when-Trigger is present and explicit.

3 / 3

Trigger Term Quality

The 'Use when' clause offers relevant triggers ('securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards') but uses fairly formal phrasing and misses common variations users would naturally say, fitting 'some relevant keywords but missing common variations' rather than the broad coverage of a 3.

2 / 3

Distinctiveness Conflict Risk

Targets a clear, distinct niche (Kubernetes cluster security) with specific triggers unlikely to collide with other skills, matching 'clear niche with distinct triggers'; not a 2 because it is more than 'somewhat specific'.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
wshobson/agents
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.