mtls-configuration
Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.
80
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillAgent success when using this skill
Validation for skill structure
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with excellent trigger terms and completeness. The explicit 'Use when...' clause covers relevant scenarios well, and the focus on mTLS/zero-trust creates clear distinctiveness. The main weakness is the lack of specific concrete actions beyond 'configure' - adding examples like certificate generation, rotation, or validation would strengthen specificity.
Suggestions
Add specific concrete actions such as 'generate client/server certificates', 'configure certificate authorities', 'rotate certificates', or 'validate certificate chains' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (mTLS, zero-trust) and a general action (configure), but lacks specific concrete actions like 'generate certificates', 'rotate keys', 'validate certificate chains', or 'configure certificate authorities'. | 2 / 3 |
Completeness | Clearly answers both what ('Configure mutual TLS for zero-trust service-to-service communication') and when ('Use when implementing zero-trust networking, certificate management, or securing internal service communication') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms: 'mTLS', 'mutual TLS', 'zero-trust', 'certificate management', 'service-to-service communication', 'internal service communication' - these are terms users would naturally use when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on mTLS and zero-trust networking - distinct from general TLS/SSL skills, general security skills, or other networking configurations. The combination of mTLS + zero-trust + service-to-service creates a unique trigger profile. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides excellent actionable templates and debugging commands for mTLS configuration across multiple service mesh platforms. However, it's verbose with explanatory content Claude doesn't need (mTLS flow diagrams, 'when to use' sections), and lacks clear step-by-step workflows with validation checkpoints for implementing or migrating to mTLS.
Suggestions
Remove the 'When to Use This Skill' and 'Core Concepts' sections - Claude understands mTLS fundamentals and can infer use cases from the description
Add an explicit migration workflow with validation steps: 1. Enable PERMISSIVE → 2. Verify traffic with `istioctl authn tls-check` → 3. Fix non-mTLS services → 4. Switch to STRICT → 5. Verify again
Split detailed templates (SPIRE config, cert-manager setup) into separate reference files and keep SKILL.md as a concise overview with the most common Istio patterns
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary sections like 'When to Use This Skill' (Claude can infer this) and 'Core Concepts' diagrams that explain mTLS flow which Claude already understands. The templates themselves are valuable but could be leaner. | 2 / 3 |
Actionability | Provides fully executable YAML templates, complete bash commands for debugging and verification, and copy-paste ready configurations for Istio, Linkerd, cert-manager, and SPIRE. All code examples are concrete and usable. | 3 / 3 |
Workflow Clarity | While individual templates are clear, there's no explicit workflow for implementing mTLS from scratch. The migration path (PERMISSIVE to STRICT) is mentioned in best practices but lacks step-by-step validation checkpoints. Certificate rotation section lacks a clear sequence with verification steps. | 2 / 3 |
Progressive Disclosure | Content is reasonably organized with clear sections, but it's a monolithic document that could benefit from splitting detailed templates into separate files. External resource links are provided but internal cross-references to detailed guides are missing. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.