Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Overall: 78
Does it follow best practices? 56%
Impact: 92%
1.12x average score across 6 eval scenarios
Advisory: Suggest reviewing before use

Optimize this skill with Tessl: `npx tessl skill review --optimize ./plugins/cicd-automation/skills/secrets-management/SKILL.md`

Quality
Discovery
89%. Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly defines its niche at the intersection of secrets management and CI/CD pipelines. It includes an explicit 'Use when' clause with good trigger terms and names specific tools. The main weakness is that the capability actions could be more granular and concrete rather than using broad verbs like 'implement' and 'handling'.
Suggestions
Replace broad verbs with more specific actions, e.g., 'Configure secret injection into pipeline steps, set up automatic credential rotation, manage dynamic secrets, audit secret access' instead of 'implement secure secrets management'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (secrets management for CI/CD) and mentions specific tools (Vault, AWS Secrets Manager), but the actions are somewhat general ('implement', 'handling', 'rotating', 'securing') rather than listing multiple concrete discrete actions like 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (implement secure secrets management for CI/CD using Vault, AWS Secrets Manager, or native platform solutions) and 'when' (Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments) with an explicit 'Use when...' clause. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'secrets management', 'CI/CD pipelines', 'Vault', 'AWS Secrets Manager', 'credentials', 'rotating secrets'. These cover common terms a user would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness / Conflict Risk | The combination of secrets management + CI/CD pipelines + specific tools (Vault, AWS Secrets Manager) creates a clear niche that is unlikely to conflict with general CI/CD skills, general security skills, or general cloud infrastructure skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
22%. Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a reference catalog than an actionable guide — it covers too many tools at surface level without providing clear workflows or validation steps. The content is bloated with feature lists and explanations Claude doesn't need, while lacking the depth and error-handling guidance needed for secure secrets management. The code examples are a strength but are undermined by incomplete implementations and missing verification steps for critical operations like secret rotation.
Suggestions
Drastically reduce the file to a concise overview with one primary tool example, moving tool-specific details (Vault, AWS SM, Azure KV, GCP SM) into separate reference files linked from the main skill.
Add explicit validation checkpoints to workflows, especially secret rotation: verify the new secret works before revoking the old one, include rollback steps if rotation fails mid-process.
Remove feature bullet-point lists for each tool (Claude already knows what AWS Secrets Manager and Azure Key Vault do) and replace with only the actionable integration patterns.
Complete incomplete code examples — the rotation Lambda should include actual implementations or clearly mark helper functions with signatures and expected behavior.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose, listing feature bullet points for tools Claude already knows (e.g., 'Azure Key Vault: Azure-native solution, HSM-backed keys'), explaining what protected/masked variables are, and including extensive boilerplate. The 'Purpose' and 'When to Use' sections restate obvious information. Much of this could be cut by 60%+ without losing actionable content. | 1 / 3 |
| Actionability | There are concrete code examples (bash, YAML, Python, HCL, Kubernetes manifests) that are mostly copy-paste ready, but several are incomplete: the rotation Lambda references undefined functions (generate_strong_password, update_database_password), the Vault dev server setup uses the 'root' token, which is not production-appropriate, and many examples end with placeholder comments like '# Use $DB_PASSWORD'. The breadth sacrifices depth. | 2 / 3 |
| Workflow Clarity | There are no clear multi-step workflows with validation checkpoints. The manual rotation process lists steps but has no verification or rollback guidance. Secret rotation, a destructive operation, lacks feedback loops (what if the database password update fails after the secret is changed?). Steps are listed but not sequenced with explicit validation gates. | 1 / 3 |
| Progressive Disclosure | There are references to external files (references/vault-setup.md, references/github-secrets.md) and related skills, which is good. However, the main file is a monolithic wall covering 5+ tools in extensive detail that should be split into separate reference files. The inline content is far too long for an overview skill file. | 2 / 3 |
| Total | | 6 / 12 Passed |
Validation
100%. Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.