secrets-management
Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
78
56%
Does it follow best practices?
Impact
92%
1.12xAverage score across 6 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/cicd-automation/skills/secrets-management/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly defines its niche at the intersection of secrets management and CI/CD pipelines. It includes an explicit 'Use when' clause with relevant trigger terms and names specific tools. The main weakness is that the concrete actions could be more granular—listing specific tasks like configuring secret rotation policies, injecting secrets into build steps, or auditing secret access would strengthen specificity.
Suggestions
Expand the action list with more granular tasks such as 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials, audit secret access' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (secrets management for CI/CD) and mentions specific tools (Vault, AWS Secrets Manager), but the actions are somewhat general ('implement', 'handling', 'rotating', 'securing') rather than listing multiple concrete discrete actions like 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials'. | 2 / 3 |
Completeness | Clearly answers both 'what' (implement secure secrets management for CI/CD using Vault, AWS Secrets Manager, or native platform solutions) and 'when' (explicit 'Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments'). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'secrets management', 'CI/CD pipelines', 'Vault', 'AWS Secrets Manager', 'credentials', 'rotating secrets', 'securing CI/CD'. These cover a good range of terms a user would naturally use when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | The combination of secrets management + CI/CD pipelines + specific tools (Vault, AWS Secrets Manager) creates a clear niche that is unlikely to conflict with general CI/CD skills, general security skills, or general cloud infrastructure skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
22%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a comprehensive reference document than an actionable skill guide. It covers many tools broadly but shallowly, with excessive feature-listing that Claude already knows, and lacks the workflow clarity and validation checkpoints needed for secure operations involving secrets. The code examples provide some value but the overall structure would benefit from aggressive trimming and reorganization into a concise overview with linked deep-dives.
Suggestions
Restructure as a concise overview (under 80 lines) with a decision matrix for tool selection, then move tool-specific examples into separate reference files (e.g., `references/vault-integration.md`, `references/aws-secrets.md`)
Remove feature bullet lists for each tool (Claude knows what Vault and AWS Secrets Manager do) and replace with only the differentiating guidance Claude needs
Add explicit validation/verification steps to workflows, especially for secret rotation (e.g., 'verify new secret works before revoking old one', rollback procedures if rotation fails)
Complete incomplete code examples: define `generate_strong_password()` and `update_database_password()` functions, or replace with a fully executable rotation example
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose, listing feature bullet points for tools Claude already knows (e.g., 'AWS-native solution', 'Automatic rotation', 'IAM integration'), explaining what protected/masked variables are, and including extensive boilerplate. The 'When to Use' and tool feature lists add little actionable value. Much of this could be cut by 50%+ without losing utility. | 1 / 3 |
Actionability | There are concrete code examples (bash, YAML, Python, HCL, Kubernetes manifests) that are mostly copy-paste ready, but several are incomplete (e.g., `generate_strong_password()` and `update_database_password()` are undefined functions, the Vault dev server setup uses a root token which is not production-appropriate). The best practices section is a generic checklist rather than actionable guidance. | 2 / 3 |
Workflow Clarity | There is no clear multi-step workflow with validation checkpoints. The manual rotation process lists steps but has no verification or rollback guidance. Secret rotation involves destructive operations (revoking old secrets, updating databases) but lacks feedback loops or error recovery steps. The content reads as a reference catalog rather than a guided workflow. | 1 / 3 |
Progressive Disclosure | There are two references to external files (`references/vault-setup.md`, `references/github-secrets.md`) and a related skills section, showing some structure. However, the main file is a monolithic wall of content (~250 lines) covering 6+ tools that would benefit greatly from being split into separate reference files with a concise overview in the main skill. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- wshobson/agents
- Commit
70444e5
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.