Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.
Overall score: 85

Quality: 66% (Does it follow best practices?)

Impact: 98% (1.05x average score across 6 eval scenarios)

Advisory: suggest reviewing before use

Optimize this skill with Tessl: `npx tessl skill review --optimize ./plugins/cloud-infrastructure/skills/mtls-configuration/SKILL.md`
Discovery
89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid description with a clear 'Use when' clause and distinct trigger terms that carve out a specific niche around mTLS and zero-trust networking. Its main weakness is that the 'what' portion could be more specific about the concrete actions performed (e.g., generating certificates, configuring CAs, rotating keys) rather than just stating 'configure mutual TLS'.
Suggestions
Expand the capability description with more concrete actions, e.g., 'Generate and manage certificates, configure certificate authorities, set up mTLS between services, and rotate keys.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (mTLS, zero-trust, service-to-service communication) and mentions certificate management, but doesn't list multiple concrete actions like 'generate certificates, configure TLS termination, rotate keys, set up certificate authorities'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (configure mutual TLS for zero-trust service-to-service communication) and 'when' (explicit 'Use when' clause covering zero-trust networking, certificate management, or securing internal service communication). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'mTLS', 'mutual TLS', 'zero-trust', 'certificate management', 'service-to-service communication', 'internal service communication'. These cover the main terms a user would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | The focus on mTLS and zero-trust service-to-service communication is a clear niche. Terms like 'mutual TLS', 'mTLS', and 'zero-trust networking' are highly specific and unlikely to conflict with general networking or security skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, concrete YAML templates and CLI commands for multiple service mesh implementations, which is its primary strength. However, it is significantly over-verbose for a skill file—including conceptual diagrams and explanations Claude doesn't need, and inlining all templates in a single monolithic document. It also lacks a clear end-to-end workflow with validation checkpoints, which is critical for security-sensitive mTLS configuration.
Suggestions
Remove the 'Core Concepts' section (mTLS flow diagram, certificate hierarchy) — Claude already understands these; replace with a one-line note if needed.
Split per-tool templates (Istio, Linkerd, SPIFFE/SPIRE, cert-manager) into separate referenced files and keep only a quick-start example inline.
Add an explicit step-by-step migration workflow: e.g., 1. Deploy PERMISSIVE → 2. Verify traffic with `istioctl authn tls-check` → 3. Switch to STRICT → 4. Validate no broken connections → 5. Monitor alerts.
Remove the 'When to Use This Skill' section — this duplicates the frontmatter description and wastes tokens.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is excessively verbose at ~250 lines. It includes unnecessary conceptual explanations (mTLS flow diagram, certificate hierarchy) that Claude already understands, a 'When to Use This Skill' section that restates the frontmatter description, and massive template blocks that could be split into separate files. The ASCII diagrams and core concepts sections add significant token cost without proportional value. | 1 / 3 |
| Actionability | The templates are fully concrete, copy-paste ready YAML configurations for Istio, cert-manager, SPIFFE/SPIRE, and Linkerd. The debugging section provides specific, executable CLI commands. All code examples are real and complete rather than pseudocode. | 3 / 3 |
| Workflow Clarity | While individual templates and commands are clear, there's no explicit workflow sequence for implementing mTLS end-to-end. The 'Start with PERMISSIVE, migrate to STRICT' advice is mentioned in best practices but lacks a step-by-step migration workflow with validation checkpoints. Certificate rotation lacks a verify-after-rotation step. For a security-critical operation like mTLS configuration, missing validation feedback loops is a significant gap. | 2 / 3 |
| Progressive Disclosure | The entire skill is a monolithic wall of content with no references to external files. Five large template blocks, debugging commands, certificate rotation, and best practices are all inlined. With no bundle files, the content that could easily be split (e.g., per-mesh-tool templates, debugging guide, SPIFFE/SPIRE setup) creates an overwhelming single document. | 1 / 3 |
| Total | | 7 / 12 Passed |
Validation
100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.