mtls-configuration

Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.

47

Quality

48%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/cloud-infrastructure/skills/mtls-configuration/SKILL.md

Quality

Discovery

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid description with clear 'what' and 'when' clauses, good trigger terms covering natural user language, and a distinct niche. The main weakness is that the 'what' portion could be more specific by listing concrete actions beyond just 'configure' (e.g., generate certificates, set up CAs, configure certificate rotation).

Suggestions

Expand the capability list with more specific actions, e.g., 'Configure mutual TLS (mTLS) for zero-trust service-to-service communication, including generating client/server certificates, setting up certificate authorities, and configuring certificate rotation.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (mTLS, zero-trust) and a general action ('Configure mutual TLS'), but doesn't list multiple specific concrete actions like generating certificates, configuring certificate authorities, setting up certificate rotation, or validating client certificates. | 2 / 3 |
| Completeness | Clearly answers both 'what' (configure mutual TLS for zero-trust service-to-service communication) and 'when' (explicit 'Use when' clause covering zero-trust networking, certificate management, or securing internal service communication). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'mTLS', 'mutual TLS', 'zero-trust', 'certificate management', 'service-to-service communication', 'internal service communication'. These cover the main variations a user might use. | 3 / 3 |
| Distinctiveness Conflict Risk | mTLS and zero-trust service-to-service communication is a clear, specific niche. The triggers are distinct enough that this would not easily conflict with general networking, TLS/SSL, or broader security skills. | 3 / 3 |

Total: 11 / 12

Passed

Implementation

7%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is essentially a conceptual overview of mTLS with no actionable content. It spends most of its token budget on diagrams and concepts Claude already understands, while deferring all concrete templates and examples to a reference file that doesn't exist in the bundle. The skill fails to provide any executable guidance, clear workflows, or validation steps for what is a complex, security-critical multi-step process.

Suggestions

Replace the conceptual diagrams and 'When to Use' section with concrete, executable configuration examples (e.g., Istio PeerAuthentication YAML, cert-manager Certificate resources, or openssl commands for generating CA hierarchies).

Add a clear numbered workflow for implementing mTLS end-to-end, including validation checkpoints like verifying certificate chains with `openssl verify` and testing mTLS connections with `curl --cert`.

Either inline the essential templates from 'references/details.md' or provide the actual bundle file so the progressive disclosure is functional rather than a dead reference.

Remove generic best practices that Claude already knows (e.g., 'don't disable mTLS in production') and replace with specific, non-obvious guidance like exact cert rotation commands or troubleshooting steps for common handshake failures.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is verbose with unnecessary content Claude already knows: the mTLS handshake flow diagram, certificate hierarchy concepts, 'When to Use This Skill' section listing obvious use cases, and generic best practices (don't disable mTLS, don't ignore cert expiry) are all common knowledge for Claude. The ASCII diagrams consume significant tokens without adding actionable value. | 1 / 3 |
| Actionability | The skill contains zero executable code, commands, or concrete configuration examples. It describes concepts and best practices abstractly but never provides a single copy-paste-ready template, command, or configuration snippet. All concrete templates are deferred to 'references/details.md' which is not provided. | 1 / 3 |
| Workflow Clarity | There is no clear multi-step workflow for implementing mTLS. The skill mentions migrating from PERMISSIVE to STRICT but provides no sequenced steps, no validation checkpoints, and no error recovery guidance. For a task involving certificate management and security configuration, the absence of any workflow with verification steps is a significant gap. | 1 / 3 |
| Progressive Disclosure | The skill references 'references/details.md' for templates and worked examples, which is a reasonable attempt at progressive disclosure. However, no bundle files are provided, so the reference is unverifiable. The main file itself contains mostly conceptual content that should either be omitted (Claude knows it) or replaced with the actionable content that was deferred to the reference file. | 2 / 3 |

Total: 5 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: wshobson/agents
Reviewed
