Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.
Install with Tessl CLI
npx tessl i github:wshobson/agents --skill k8s-security-policies
81
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that follows best practices. It uses third person voice, lists specific Kubernetes security mechanisms, includes a clear 'Use when...' clause with multiple trigger scenarios, and has distinct terminology that differentiates it from general Kubernetes or security skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC' - names three distinct Kubernetes security mechanisms with clear technical specificity. | 3 / 3 |
| Completeness | Clearly answers both what ('Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC') and when ('Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards') with explicit trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes natural keywords users would say: 'Kubernetes', 'security policies', 'NetworkPolicy', 'PodSecurityPolicy', 'RBAC', 'securing Kubernetes clusters', 'network isolation', 'pod security standards' - good coverage of both technical terms and natural language variations. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on Kubernetes security policies with distinct triggers like 'NetworkPolicy', 'PodSecurityPolicy', 'RBAC', and 'pod security standards' - unlikely to conflict with general Kubernetes or general security skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
52%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides excellent, actionable YAML examples covering comprehensive Kubernetes security topics. However, it lacks workflow guidance for implementing these policies in sequence with validation steps, and the document is verbose with sections explaining concepts Claude already knows (compliance frameworks, basic best practices). The content would benefit from clearer implementation ordering and verification checkpoints.
Suggestions
Add a workflow section showing the recommended order for implementing security policies (e.g., 1. Apply Pod Security Standards → 2. Verify with dry-run → 3. Apply NetworkPolicies → 4. Test connectivity → 5. Configure RBAC)
Include validation commands after each policy type showing how to verify the policy is working correctly (e.g., test pod creation against restricted namespace, verify network isolation)
Remove or significantly condense the 'Purpose', 'When to Use This Skill', 'Best Practices', and 'Compliance Frameworks' sections - these explain concepts Claude already knows
Move OPA Gatekeeper and Istio sections to separate referenced files to improve progressive disclosure
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is mostly efficient with good YAML examples, but includes some unnecessary sections like 'Purpose', 'When to Use This Skill', and compliance framework explanations that Claude already knows. The best practices list is also somewhat verbose. | 2 / 3 |
| Actionability | Provides fully executable, copy-paste ready YAML manifests for all major security components including NetworkPolicy, RBAC, Pod Security Standards, OPA Gatekeeper, and Istio. Troubleshooting commands are concrete and immediately usable. | 3 / 3 |
| Workflow Clarity | No clear sequencing for implementing security policies. Missing validation checkpoints - doesn't explain how to verify policies are working, order of operations for implementing defense-in-depth, or feedback loops for testing policy effectiveness before production deployment. | 1 / 3 |
| Progressive Disclosure | References external files (assets/network-policy-template.yaml, references/rbac-patterns.md) and related skills, but the main document is quite long with all content inline. Could better separate advanced topics like OPA Gatekeeper and Istio into referenced files. | 2 / 3 |
| Total | | 8 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.